Step 2: Test Security with Impersonation

2024-03-29

How do you test security configurations before adding any real-world users to the system?

LabKey Server uses impersonation to solve this problem. An administrator can impersonate a role, a group, or an individual user. When impersonating, they shift their perspective on LabKey Server, viewing it as if they were logged in as a given role, group, or user. All such impersonations are logged, so that there is no question later who actually performed any action.

Impersonate Groups

To test the application's behavior, impersonate the groups in question, confirming that each group has access to the appropriate folders.

  • Navigate to the Lab A folder.
  • Select (User) > Impersonate > Group, then select Lab A Group and click Impersonate in the popup.
  • Open the project and folder menu.
  • Notice that the Lab B folder is no longer visible to you. While you impersonate Lab A Group, you don't have the role assignments necessary to see the Lab B folder at all.
  • Click Stop Impersonating.
  • Then, using the (User) menu, impersonate "Lab B Group."
  • The server will return with the message "User does not have permission to perform this operation", because you are trying to see the Lab A folder while impersonating the Lab B group. If you don't see this message, you may have forgotten to remove site users or guests as Readers on the Lab A folder.
  • Click Stop Impersonating.
