Policy Server Guides › Policy Server Configuration Guide › Impersonation › Policy Server Objects for Impersonation › Configure Policies for Impersonation
Configure Policies for Impersonation
In order for impersonation to function correctly, multiple policies must be configured.
For the resource that initiates impersonation:
- Access control policy for both impersonators and impersonatees. For example, a policy that includes a GET access rule for both impersonators and impersonatees.
- Impersonation policy that includes an ImpersonationStart rule and impersonators.
- Impersonation policy that includes an ImpersonationStartUser rule and impersonatees.
For the resource to be accessed by the impersonator:
- Access control policy for impersonatees. For example, a policy that includes a GET access rule for impersonatees.
- Impersonation policy that includes an ImpersonationStart rule and impersonators.
- Impersonation policy that includes an ImpersonationStartUser rule and impersonatees.
Note: Policies must be in place for each resource that may be accessed by an impersonator.
The following figure shows the minimum policies required for an impersonator to access a resource: