"Become" Another User to Check Their Permissions by Using "Masquerade"
- Lauren Blais (Unlicensed)
- Laura P Rowan
- Stephanie Lynn
This is a beginner topic. Little to no advanced knowledge is required.
Overview
When a user on your site is having trouble, sometimes it is helpful to "become" them-- that is, temporarily impersonate their account-- to help you troubleshoot the difficulty. The web team uses this functionality all the time to ensure permissions are correct, or to fix incorrect settings.
Like the web team, unit administrators can temporarily impersonate other site users with Drupal's "Masquerade" functionality.
Note, "Masquerading" as someone does not give you access to their passwords and does not go beyond the realm of your site. For example, impersonating a faculty member who has an account on your Drupal site does not mean you can access their personal email, their personal website, or any other UGA application that they use.
Other Helpful Documentation
Before we begin, here's a doc to learn about roles and permissions. I also recommend another one called Seeing Who Has Access to Your Site which will talk about the user accounts list, mentioned in this doc.
This document will show you how to impersonate an account, but you won't be able to add user accounts or change permissions; it's a security risk. For that, you'll need to put in a ticket to the web team on the Franklin Helpdesk.
Table of Contents
Step One: Find the User Accounts List
Click on the "Shortcuts" link.
The white admin toolbar will change.
Click on the "View user accounts" link.
This will allow you to see all people who have an account on your website.
For more about this, read our Knowledge Base article about called seeing who has access to your site.
Notice the field at the top called "Masquerade." In my example, I'm going to pretend that one of my web committee members, Zora Neale Hurston, wants to be sure she can create Basic Pages on my site. I'm going to "become" her account as a way to check her permissions.
Step Two: If Needed, Figure out Their Username
If you aren't sure what someone's account is, you can search for their username. Check out our doc on Seeing Who Has Access to Your Site.
Step Three: Type All or Part of Their Username in the Field
Zora's myID and username on the site is "zhurston."
In the Masquerade field, I'm going to begin typing "zhurston." I notice the field auto completes.
I'll go ahead and click her name.
Now I can hit the "switch" button.
Step Four: Click Around and Check Permissions
Once I switch to her account, I get a "403 Error - Access Denied." This is ok.
It makes sense because Zora's permissions as a web committee member shouldn't allow her to view this user accounts page that I can see.
Notice at the top that the account name says "zhurston" now instead of "lblais."
On the white toolbar, I see the things that a person with a web committee role can do-- manage the main menu and add content.
When I click "add content," everything looks normal. Depending on the issue your user is having, you might want to test further by actually creating a Basic Page.
Step Five: Unmasquerading and Becoming Yourself Again
I can "Unmasquerade" and become myself at any time.
When I click "unmasquerade," I become myself-- "lblais"-- again, and all my regular permissions are restored.
Masquerading as Someone with a Personnel Role
You can also "masquerade" as users with the personnel account.
Notice that this account has less permissions than Zora who had the web committee role. I can only click on "content" or go back to the main site and find my personnel page.
'
When I click on content, I can see a list of content, but can't do anything with content that isn't mine.
Can Personnel Delete Content?
If you notice the "delete content" drop down under "action," this might cause you some worry for the person who has this account.
Because it seems like it is possible for them to delete any content on the site, like Julie McEver's personnel page shown below.
But if you as this test-personnel user were to hit "apply to selected items," you would actually be stopped from deleting the content.
Web committee members and unit administrators do have the power to delete content, so be careful as you are testing permissions, lest you remove something on accident.
Hit "unmasquerade" to become yourself again.
To manage any part of your web site, you will have to be logged into the Drupal CMS. If you need help logging in, please review this login help document.
Monday - Friday 8:00 a.m. - 5:00 p.m. Homepage & Directory Service Offerings Franklin OIT Status http://status.franklin.uga.edu/ Receive or Discontinue Status and Service Updates from Franklin OIT UGA/EITS Systems Status Pages https://www.facebook.com/uga.eits USG Systems Status PageContact the Franklin OIT Help Desk
Hours of Operation
Website Information
Systems Status Information