Impersonate Functionality - Become User

Hi There,

Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

To post to this group, send email to er...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/9d61e989-8457-4431-a4c3-064e76e38918%40googlegroups.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

Mayur,

This can be achieved using a "master" password / backdoor. But would that not create a security issue in the long run?

There are usually other (but slightly more painful) ways of replicating issues...

best,
Rushabh


On Tue, Jun 4, 2013 at 10:34 PM, MP <ma...@gmail.com> wrote:
Hi There,

Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

To post to this group, send email to er…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/9d61e989-8457-4431-a4c3-064e76e38918%40googlegroups.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.












Twitter: @rushabh_mehta



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

To post to this group, send email to er...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/CANn8SW%2BYORApAQAD0TUpShtjtSNvkGpuGgE5u_cHDyA_JxVMTw%40mail.gmail.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

Hi Rushabh,

Is there already a master password facility? As for the security, this is only available to the system user and not to any other user. In some applications, I have seen a link called “Become User” on User Profile page which is only visible to administrator user, so when an administrator clicks on it, it logs out the current administrator, and automatically logs him back as the selected user. This doesn’t use any master password.

Kind regards,
Mayur Patel

On Tuesday, June 4, 2013 6:04:09 PM UTC+1, MP wrote:

Hi There,

Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

To post to this group, send email to er...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/a13a23b7-45f2-4eb7-ab73-37e131d7fb71%40googlegroups.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

Mayur,

There is no such facility at the moment. We usually have a test system to replicate such issues and it works for us. Not very excited about having a backdoor.

best,
Rushabh


W: https://erpnext.com
T: @rushabh_mehta

On 05-Jun-2013, at 1:11 PM, MP <ma...@gmail.com> wrote:

Hi Rushabh,

Is there already a master password facility? As for the security, this is only available to the system user and not to any other user. In some applications, I have seen a link called "Become User" on User Profile page which is only visible to administrator user, so when an administrator clicks on it, it logs out the current administrator, and automatically logs him back as the selected user. This doesn't use any master password.

Kind regards,
Mayur Patel

On Tuesday, June 4, 2013 6:04:09 PM UTC+1, MP wrote:
Hi There,

Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

To post to this group, send email to er…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/a13a23b7-45f2-4eb7-ab73-37e131d7fb71%40googlegroups.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

 

 




You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

To post to this group, send email to er...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/90CC570C-BC77-424F-A9D9-AC5B3F4A6EAA%40erpnext.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

Hi Rushabh,

This is for your information. Since we can access to encrypted password from the database, we have changed the code in auth.py to alllow access based on either password or encrypted password. So this way user can continue to login using their password and we as an administrator can login with users’ encrypted password from the database. I know it is not an elegant solution but this allows us to login as the other user.

Kind regards,
Mayur Patel

On Wednesday, June 5, 2013 4:48:19 PM UTC+1, rushabh wrote:

Mayur,

There is no such facility at the moment. We usually have a test system to replicate such issues and it works for us. Not very excited about having a backdoor.

best,
Rushabh


W: https://erpnext.com
T: @rushabh_mehta

On 05-Jun-2013, at 1:11 PM, MP <ma...@gmail.com> wrote:

Hi Rushabh,

Is there already a master password facility? As for the security, this is only available to the system user and not to any other user. In some applications, I have seen a link called "Become User" on User Profile page which is only visible to administrator user, so when an administrator clicks on it, it logs out the current administrator, and automatically logs him back as the selected user. This doesn't use any master password.

Kind regards,
Mayur Patel

On Tuesday, June 4, 2013 6:04:09 PM UTC+1, MP wrote:
Hi There,

Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

To post to this group, send email to erpnext-dev…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/a13a23b7-45f2-4eb7-ab73-37e131d7fb71%40googlegroups.com?hl=en.

For more options, visit https://groups.google.com/groups/opt_out.

 

 




Note:

 

If you are posting an issue,

  1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

    For more options, visit https://groups.google.com/groups/opt_out.

     

     
Hello!

See, it may be easier to incorporate an external tool, rather than modifying the core application.

The mozilla, has a project called towtruck, which allows the sharing of a page between users.

Yet we must use it one day but if the need arises, I’ll use the same, for reasons of security risk, and ease of incorporation.




2013/7/19 MP <ma...@gmail.com>

Hi Rushabh,

This is for your information. Since we can access to encrypted password from the database, we have changed the code in auth.py to alllow access based on either password or encrypted password. So this way user can continue to login using their password and we as an administrator can login with users' encrypted password from the database. I know it is not an elegant solution but this allows us to login as the other user.


Kind regards,
Mayur Patel



On Wednesday, June 5, 2013 4:48:19 PM UTC+1, rushabh wrote:

Mayur,

There is no such facility at the moment. We usually have a test system to replicate such issues and it works for us. Not very excited about having a backdoor.

best,
On 05-Jun-2013, at 1:11 PM, MP <ma...@gmail.com> wrote:

Hi Rushabh,

Is there already a master password facility? As for the security, this is only available to the system user and not to any other user. In some applications, I have seen a link called "Become User" on User Profile page which is only visible to administrator user, so when an administrator clicks on it, it logs out the current administrator, and automatically logs him back as the selected user. This doesn't use any master password.


Kind regards,
Mayur Patel

On Tuesday, June 4, 2013 6:04:09 PM UTC+1, MP wrote:

Hi There,


Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.


Kind regards,
Mayur Patel




You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.


To post to this group, send email to erpnext-dev…@googlegroups.com.



Note:



If you are posting an issue,

  1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.



    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.





--


Maxwell Morais

(+55 11) 3931-1412 Ramal 31
www.realizemodulados.com.br



Note:

 

If you are posting an issue,

  1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

    For more options, visit https://groups.google.com/groups/opt_out.

     

     
I suppose it is similar to using Chrome Remote Desktop or team viewer. 

Sent from my phone

On 19-Jul-2013, at 7:49 PM, Maxwell Morais <ma...@gmail.com> wrote:

Hello!

See, it may be easier to incorporate an external tool, rather than modifying the core application.

The mozilla, has a project called towtruck, which allows the sharing of a page between users.

Yet we must use it one day but if the need arises, I’ll use the same, for reasons of security risk, and ease of incorporation.




2013/7/19 MP <ma...@gmail.com>

Hi Rushabh,

This is for your information. Since we can access to encrypted password from the database, we have changed the code in auth.py to alllow access based on either password or encrypted password. So this way user can continue to login using their password and we as an administrator can login with users’ encrypted password from the database. I know it is not an elegant solution but this allows us to login as the other user.


Kind regards,
Mayur Patel



On Wednesday, June 5, 2013 4:48:19 PM UTC+1, rushabh wrote:

Mayur,

There is no such facility at the moment. We usually have a test system to replicate such issues and it works for us. Not very excited about having a backdoor.

best,
On 05-Jun-2013, at 1:11 PM, MP <ma...@gmail.com> wrote:

Hi Rushabh,

Is there already a master password facility? As for the security, this is only available to the system user and not to any other user. In some applications, I have seen a link called "Become User" on User Profile page which is only visible to administrator user, so when an administrator clicks on it, it logs out the current administrator, and automatically logs him back as the selected user. This doesn't use any master password.


Kind regards,
Mayur Patel

On Tuesday, June 4, 2013 6:04:09 PM UTC+1, MP wrote:

Hi There,


Is there any functionality in ERPNext where it allows system administrator to login as another user (Impersonate Functionality or Become User)? This will be helpful when you are trying to support or replicate certain issues raised by the user.


Kind regards,
Mayur Patel




You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.


To post to this group, send email to erpnext-dev…@googlegroups.com.



Note:

 

If you are posting an issue,

  1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 



--


Maxwell Morais

(+55 11) 3931-1412 Ramal 31
 www.realizemodulados.com.br



Note:

 

If you are posting an issue,

  1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

    For more options, visit https://groups.google.com/groups/opt_out.

     

     



Note:

 

If you are posting an issue,

  1. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  2. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  3. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un...@googlegroups.com.

    For more options, visit https://groups.google.com/groups/opt_out.