Impersonate Function for Joomla

[rdeutz]

I want to hear some thoughts about a impersonate function for joomla5. It would allow backend users to login under a different user account in the frontend. This can be very helpful if you have a large site and your users tell you that something is not working for them.

Implementation:

• New Button in the user view of the backend, select a user and you get logged in for the frotend.
• Create an entry in the privacy component that a "admin" has logged in over the impersonate function for user X

Problems:

• Sharing session will not be possible to use that function.
• ACL, you should not be able to login as a user with more rights, e.g Managers should not be able to login as superusers.

Is this something people want to have in Joomla core?

Note: I am aware that 3rd extensions are available for this but I think it is better to have this in core.

[crystalenka]

Having it in core would be interesting, maybe. It's definitely a feature which would be aimed at agencies/site integrators who manage sites on behalf of someone else; I see it as less applicable for self managed site owners (but I could be wrong?)

My concern goes also to security, not necessarily about access but about a bad-faith actor creating a false paper trail or something like that. Would we limit actions when impersonating? Or record activity when impersonating with a special note? What if the activity log plugin is disabled?

I don't have the answers to that but I believe it's something we should consider carefully when discussing the possibility.

That being said, I'd probably use it a lot.

[micker]

hello as i know that already exist with skeleton plugin by @nikosdion https://github.com/akeeba/skeletonkey

[bembelimen]

One of the biggest challenges here is for really big company sites (which are most likely ISO certificated): you need full traceability. Which means every change needs to be tracked. Especially when something is broken or private data is published (data breach). So if this feature is integrated it needs a full integration of e.g. the actionlog component including the distinction if the regular user did that task or the admin user (especially if both are logged in at the same time).

[brianteeman]

There are several extensions that do this and they've existed for very many years

[dgrammatiko]

“Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”

― Antoine de Saint-Exupéry, Airman's Odyssey

Joomla should go lean instead of keep adding more bloat, my 2c...

[chmst]

I think that only very few installations can take benefit from this. For "normal users" it is one more feature they don't need or understand. From maintainers point of it is one of the features where we have for all times to be
very attentive at every change. So personally prefer no integration into the core.

[StefanSTS]

I love that feature in VirtueMart to generate orders for others. Because of this I use VirtueMart as my invoice system.

But adding this to J core will add a functionality for probably less than 5% of the users.
Those things would be nice to have in a "Native Joomla Extension" directory.
A list of modules, plugins and extensions that are made by the Joomla team and which you can tick on Joomla install or later.
Yes, no system like that here yet, probably because it would be too complicated to maintain and the discussion that those non-fixed extensions might get lesser attention by the maintainers.

[rdeutz]

Thanks for the different views, I am going to close it.