Scripting and Programming Guides › Scripting Guide for Perl › CLI Agent API Methods › User Methods › Impersonate Method—Allows One User to Impersonate Another

Impersonate Method—Allows One User to Impersonate Another

The Impersonate method allows one user to impersonate another user by logging in as that user. For example, a customer service representative can impersonate a customer to better understand a software problem that the customer is having.

Syntax

The Impersonate method has the following format:

Netegrity::AgentUser‑>Impersonate(username, resource)

Parameters

The Impersonate method accepts the following parameters:

username (string)

Specifies the ID of the user to impersonate.

resource (AgentResource object)

Specifies the resource to log in to.

Return Value

The Impersonate method returns one of the following values:

• SM_AGENTAPI_YES (value = 1)

  Specifies that the impersonation was successful.

• SM_AGENTAPI_NO (value = 2)

  Specifies that impersonation failed.

• SM_AGENTAPI_FAILURE (value = -1)

  Specifies that the operation failed.

• SM_AGENTAPI_TIMEOUT (value = -2)

  Specifies that the method timed out.

• SM_AGENTAPI_NOCONNECTION (value = -3)

  Specifies that initialization failed.

Remarks

The Impersonate method creates a new session without destroying the impersonator's original session. To end the impersonation session and restore the impersonator's original session, call AgentUser‑>Logout.

Only one user at a time can be impersonated. You cannot chain impersonation sessions.

Impersonation begins in a realm that is protected by the Impersonation Authorization Scheme. The impersonator must be authorized to impersonate users in the realm, and the user must be allowed to be impersonated in the realm.

For more information about user impersonation, see the Policy Design Guide.