Step 2: Test Security with Impersonation

Documentation
How do you test security configurations before adding any real world users to the system?

LabKey Server uses "impersonation" to solve this problem. You can impersonate a role, a group, or an individual user, shifting perspective on LabKey Server, viewing it as if logged in as a given role, group, or user.

Impersonate Groups

To test the applications behavior, impersonate the groups in question, confirming that each group has access to the appropriate folders.

  • Navigate to the Lab A folder.
  • Select (User) > Impersonate > Group, then select Lab A Group and click Impersonate in the popup.
  • Open the project and folder menu.
  • Notice that the Lab B folder is no longer visible to you -- while you impersonate, adopting the group A perspective, you don't have the role assignments necessary to see folder B at all.
  • Click Stop Impersonating.
  • Then, using the (User) menu, impersonate "Lab B Group."
  • The server will return with the message "User does not have permission to perform this operation", because you are trying to see the Lab A folder while impersonating the Lab B group. If you don't see this message, you may have forgotten to remove site users or guests as Readers on the Lab A folder.
  • Click Stop Impersonating.

Related Topics

Previous Step | Next Step

Discussion

previousnext
 
expand all collapse all