How to Impersonate a user

mdykstra · November 6, 2020, 1:37pm

My app has many users who all have their own dashboard that contains their records.

In many cases, an admin needs to help a user and it would be really helpful for them to see their dashboard.

I’ve used other apps where you can impersonate a user and am wondering if anyone has any ideas on how to do so.

Thank you!

WilliamPorter · November 6, 2020, 8:16pm

Tadabase doesn’t have an “Impersonate User” command the way, say, Stacker.app does. It’s a nifty feature in Stacker, but I don’t think the lack of it in Tadabase is a problem.

Here are some ways I might deal with this, ranked from easiest to hardest.

Ask user for screenshot or ask for screensharing session. The previous suggestion might be useful if user has urgent problem that seems to be specific to their personal account. But most of the time, if that’s the case, either a screenshot from them or a screensharing session would allow me to diagnose the problem without needing to log in as them. (Just did that this morning.)
Create temp (or permanent) developer accounts for various user roles. Most problems aren’t specific to a particular user but rather to a role. If Larry, a user whose role is “Sales”, has a problem, I’d probably just create a temp login for myself in that role, and login using those credentials. (See below.)
Change user’s passphrase and log in as them. Not necessary to ask user to share passphrase/password with me. As developer, I can change it in the Users table, go in, see what they’re seeing – and when we’re done talking or I’m done looking at the database logged in as them, I just tell them they need to log out and reset their password to whatever it was before. This of course presumes that you’ve enabled password-reset for your users in this app.

Suggestion #2 is necessary during development so you can test using different roles. Above I suggested creating a temp account in the Sales role, but truth is, I almost always have permanent developer test accounts for the different roles.

I’m thinking of adding a Help button to my menus that would open a Help form where users could explain their problem and possibly upload a screenshot; and when they submit, the record would get emailed to me and to the user.

William

mdykstra · November 10, 2020, 8:19pm

Good ideas. Thank you!

moe · November 11, 2020, 5:14am

That’s great advice. I think there are libraries that can even help with screenshots. For example, in our support popup there is a screenshot that automatically takes a screenshot of current page and sends it along with the rest of the ticket.

As far as Tadabase adding user impersonation as a built in capability - I don’t see this as something we intend to do. I do appreciate how this can be beneficial, however, it would be a monumental task and opens some potential for security vulnerabilities. Logging will also become complicated especially when compliance (HIPAA) is a must we’ll have to log the impersonator and the user which can be quite tricky.

WilliamPorter · November 13, 2020, 3:39am

For what it’s worth, this makes good sense to me, Moe.