How do you test security configurations before adding any real world users to the system?
LabKey Server uses "impersonation" to solve this problem. You can impersonate a role, a group, or an individual user, shifting perspective on LabKey Server, viewing it as if logged in as a given role, group, or user.
Impersonate Groups
To test the applications behavior, impersonate the groups in question, confirming that each group has access to the appropriate folders.
- Navigate to the Lab A folder.
- Select (User) > Impersonate > Group, then select Lab A Group and click Impersonate in the popup.
- Open the project and folder menu.
- Notice that the Lab B folder is no longer visible to you -- while you impersonate, adopting the group A perspective, you don't have the role assignments necessary to see folder B at all.
- Click Stop Impersonating.
- Then, using the (User) menu, impersonate "Lab B Group."
- The server will return with the message "User does not have permission to perform this operation", because you are trying to see the Lab A folder while impersonating the Lab B group. If you don't see this message, you may have forgotten to remove site users or guests as Readers on the Lab A folder.
- Click Stop Impersonating.
Related Topics