Skip to main content

Administrator's Guide

LogicalDOC is an advanced system that allows you to handle a large volume of data. Once installed, you will be able to configure customize it in order to maximize the benefits from your installation.

This manual is intended for use by the administrators and power users who are responsible for implementing the system to meet the needs of the entire organization. This section provides the guidance that is needed in order to configure the LogicalDOC system.

 

Impersonation

The Impersonation feature allows a user to operate on behalf of another user, provided that explicit authorization has been granted.

This mechanism is useful where one user needs to act with the permissions and identity of another.

Authorization Rules

Impersonation is disabled by default.

A user can impersonate another user only if the impersonating user is included in the target user’s Allowed Impersonators list.
 
To enable impersonation, the target user must configure the appropriate permissions:
Navigate to Account > Security > Allowed Impersonators
Here, it is possible to define one or more impersonators.
Add one or more users to the list of allowed impersonators

Only users included in this list will be authorized to act on behalf of the target user.

How It Works

Once granted access, the allowed impersonator can log in in place of another user.

The core of the Impersonation process is handled during the authentication phase.
A user can request impersonation by appending the target username to their own identifier using a special separator: >

Example:
giuseppe>admin

In this case:

  • giuseppe is the authenticating user
  • admin is the user being impersonated

Authentication Flow

During authentication, the system checks whether impersonation has been requested:

If the username contains >, it is split into:

  • real username
  • impersonated username

In the same way, if you connect through an API key you can impersonate someone else by appending his username after the > symbol:

E.g.: If you are giuseppe and your API Key is ld-5fb5898fa9eb99 then you can impersonate admin by using ld-5fb5898fa9eb99>admin

In any case:

  • The system always authenticates the real user (giuseppe)
  • If authentication succeeds, impersonation logic is applied
  • The system attempts to load the target user (admin)
  • Authorization is verified
  • All subsequent operations will be taken in the name of the impersonated user

Impersonation Evidence

To verify actions taken by impersonators, select the document and open the History tab. Add the Impersonator column by right-clicking the table header and selecting Columns > Impersonator.

This selection shows if an impersonator performed an action on the document.