Step 2: Test Security with Impersonation

Documentation
This topic is under construction for the 17.3 release of LabKey Server. For current documentation of this feature, click here.

How do you test security configurations before adding any real world users to the system?

LabKey Server uses "impersonation" to solve this problem. You can impersonate a role, a group, or an individual user, shifting perspective on LabKey Server, viewing it as if logged in as a given role, group, or user.

Impersonate Groups

To test the applications behavior, impersonate the groups in question, confirming that each group has access to the appropriate folders.

  • Navigate to the Lab A folder.
  • Select (User) > Impersonate > Group, then select Lab A Group and click Impersonate in the popup.
  • Open the project and folder menu.
  • Notice that the Lab B folder is no longer visible to you -- while you impersonate, adopting the group A perspective, you don't have the role assignments necessary to see folder B at all.
  • Using the (User) menu, stop impersonating, then switch to impersonating "Lab B Group."
  • The server will return with the message "User does not have permission to perform this operation", because you are trying to see the Lab A folder while impersonating the Lab B group. If you don't see this message, you may have forgotten to remove site users or guests as Readers on the Lab A folder.
  • Stop impersonating by clicking Stop Impersonating.

Previous Step | Next Step

Discussion

previousnext
 
expand all collapse all