VMware

Log Insight 3.6: User Impersonation

by Steve Flanders

Log Insight 3.6 offers several tech preview features. In this post, I would like to cover the user impersonation feature. Read on to learn more!
li-logo

Background

On of the most requested features on the Log Insight community is the ability for Super Admin users to be able to disabled/edit/delete other users alerts. The use-case typically goes something like this:

A user created an alert incorrectly and now it is spamming an email distribution list. They are on vacation and we need to disable it. How can we do it?

Prior to Log Insight 3.6 you only had two supported options and neither were desirable:

  1. You knew the users password and logged in as them
  2. You deleted the user from /admin/users — this meant you permanently deleted all of the users saved content!!!

Proposal

As a proposal to solve this problem, Log Insight introduced a tech preview feature in 3.6 called user impersonation.

WARNING: Tech Preview features are NOT supported, NOT documented, and MAY BE CHANGED OR REMOVED from a future release of the product.

Since the feature is tech preview, you must explicitly enable the feature on the /admin/general page:
li-36-enable-impersonate
Once this is done, navigate to the /admin/users page and select the pencil icon next to a user you would like to impersonate. When you do you will notice an Impersonate button:
li-36-impersonate
Selecting this button will present you with more information before logging you in as that user:
li-36-impersonate2
You will notice that the username in the top navigation bar changes to indicate not only what user you are, but that you are impersonating:
li-36-impersonate-username
From here you can make changes as if you were that user. Now of course this could be considered a security issue. Log Insight handles this by logging all impersonation requests in ui_runtime.log. For example:

[2016-11-02 00:51:38.817+0000] [“http-nio-443-exec-3″/192.168.1.25 INFO] [com.vmware.loginsight.web.actions.misc.LoginActionBean] [User ‘Local User: Name=admin2’ impersonating user ‘Local User: Name=nsx’]

Also, all UI actions performed are logged to ui.log.

Summary

As you can see, this tech preview feature addresses a need requested by multiple Log Insight customers. The feature is easy to enable and try out. Let me know your thoughts in the comments!

© 2016, Steve Flanders. All rights reserved.

Steve Flanders

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top