How do you test security configurations before adding any real world users to the system?

LabKey Server uses "impersonation" to solve this problem. You can impersonate a role, a group, or an individual user, shifting perspective on LabKey Server, viewing it as if logged in as a given role, group, or user.

Impersonate Groups

To test the applications behavior, impersonate the groups in question, confirming that each group has access to the appropriate folders.

  • Navigate to the Lab A folder.
  • Select (User) > Impersonate > Group, then select Lab A Group and click Impersonate in the popup.
  • Open the project and folder menu.
  • Notice that the Lab B folder is no longer visible to you -- while you impersonate, adopting the group A perspective, you don't have the role assignments necessary to see folder B at all.
  • Click Stop Impersonating.
  • Then, using the (User) menu, impersonate "Lab B Group."
  • The server will return with the message "User does not have permission to perform this operation", because you are trying to see the Lab A folder while impersonating the Lab B group. If you don't see this message, you may have forgotten to remove site users or guests as Readers on the Lab A folder.
  • Click Stop Impersonating.

Related Topics

Previous Step | Next Step

Discussion

Was this content helpful?

Log in or register an account to provide feedback


previousnext
 
expand all collapse all