Impersonation
With impersonation, you can allow users or user groups to act on behalf of other users or user groups and see the website through their eyes.
They can then log in to frontend with their regular extranet login, and select a user to impersonate (Figure 1.1).
Impersonation settings
Impersonation settings can be set on both individual users and at a group level, by clicking the Impersonation button in the ribbon bar.
This will launch a window (Figure 2.1) where you can select:
- Which users and user groups are available to impersonate
- Which users and user groups can impersonate this user or user group
If you cannot find the Impersonation button, try saving the user first.
Impersonation modes
In Dynamicweb, there are two impersonation modes:
- Only orders (actions on behalf of the impersonated user)
- Full impersonation (the current user is replaced with the impersonated user)
You can switch between the modes using the impersonation settings.
Since the global tags varies with the two impersonation modes, you may want to differentiate sections in your templates (for instance, if you have a paragraph with "X is now impersonating Y".
To do this, you can use the Global:Extranet.ImpersonationMode tag and create an if/else statement where the CurrentUser tags and SecondaryUser tags are switched.
Only orders
Selecting the "Only tag orders with impersonating user" setting enables the Only orders mode. When a user impersonates someone using this mode, orders they create are then placed on behalf of the impersonated user.
The following rules exists for this mode:
- Permissions (for pages etc.) are based on the impersonated user
- Orders are tagged with the impersonated user (Figure 4.1)
- Prices are based on the impersonator
- Forum posts are placed by the impersonator
Full impersonation
Selecting the "Replace current user with impersonated user" enables the Full impersonation mode. This mode basically switches the impersonator's and the impersonated user's IDs (CurrentUser tags are switched with the SecondaryUser tags). The impersonator can now act completely and directly on behalf of the impersonated user.
The following rules exists for this mode:
- Permissions (for pages etc.) are based on the impersonated user
- Orders are not tagged, but placed directly by the impersonated user
- Prices are based on the impersonated user
- Forum posts are placed by the impersonated user
When using Full Impersonation mode, you can check Use impersonator for permissions setting. This ensures that permissions are based on the impersonator. Otherwise, the rules are the same for the Full impersonation mode.
Frontend
In frontend you can then render a dropdown selector or a list of accounts which a user can impersonate, and then a button or form for starting and stopping the impersonation session:
If the list of available users/user groups in frontend doesn't match updated changes in the backend, try logging out of the frontend and then log in again.
AccessUserSecondaryRelation
Contains AccessUserId of users (AccessUserSecondaryRelationUserID) who can log in on behalf of other users (AccessUserSecondaryRelationSecondaryUserId) (i.e. Impersonate them).
Field name | Data type | Length | |
---|---|---|---|
AccessUserSecondaryRelationUserId | int | 4 | |
AccessUserSecondaryRelationSecondaryUserId | int | 4 | |
AccessUserSecondaryRelationAutoId | int | 4 |