Page MenuHomePhabricator

Support "Login As" functionality for Administrators
Closed, WontfixPublic


As administrator it would be great to be able to login as any other user to see/do stuff on his behalf. Link Login As on url would be great.

In particular some users, that were fired from the company left some draft inline comments (added inline comment, but haven't pressed Submit button on commit page). I just want to press that button on their behalf for inline comments to go live.

Event Timeline

aik099 raised the priority of this task from to Needs Triage.
aik099 updated the task description. (Show Details)
aik099 added a subscriber: aik099.

I see your good intentions, but... This sounds like a massive invasion of privacy?

Of course if Phabricator is used on an OpenSource project, then you're right @qgil.

But in particular case the users on that Phabricator instance were company employees, so whatever they were doing in Phabricator is company right to know.

The Login As functionality would also allow for Administrator to better see what any individual user can see/do when he loggs-in into Phabricator. For example as instance administrator I can see/do all, but I can't know if a particular user have ability to do something with his current rights.

Instead of taking user time and asking him to do this and that I'd better login as he and see/fix stuff by myself.

epriestley claimed this task.

We never plan to support this in the upstream. It's intentional that administrators have severe limits to their power, and particularly do not have the power to impersonate other users or bypass policies. "Login As" would give them both of these powers, in effect. See:

Thanks for detailed explanation.

I always was surprised how come, that administrators can't edit anything anywhere as happens with other websites. You can close this ticket now then.

I think it would be useful if there is not a "login as" to atleast test objects based on specific usernames.

Similar to the "test" mechanism for "heralding" when you apply rules, you know that they are targeted correctly and that they work. This would allow you to properly assign privileges based on spaces or based on any access control.

I agree with the general understanding of Adminstrators not being in absolute power.
But then again, it would be useful to be able to have a way to test the effective policies applied to a given user.

Although this might not be quite straight-forward to implement, but the IMHO ideal solution would be a "view Phabricator as user $FOO" which would:

  • not allow to actually change/submit any content post-action, so the forms would all reflect the possible actions while actually submitting them would be rejected
  • possibly even "censor" restricted content and replace it with placeholders