Table of contents

When working on user roles, permissions or teams, you might want to test the outcome without creating new users.

This can be done by impersonating a user, which means you switch to a real existing account.

As this feature is potentially dangerous, it is deactivated and needs configuration file changes to activate it.

Activate

You need to adjust the application firewall and user role settings. Open the file config/packages/security.yaml and add the following line to the secured_area firewall:

switch_user: true

It must look like this:

security:
    # ...
    firewalls:
        dev:
            # ...
        secured_area:
            # ...
            switch_user: true
            # ...

This activates the feature. Now adjust the super admin role, so it has the special role ROLE_ALLOWED_TO_SWITCH:

security:
    # ...
    role_hierarchy:
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

Finally refresh your cache:

How to reload Kimai cache

bin/console kimai:reload --env=prod

It is not advised, but in case the above command fails you could try:

rm -r var/cache/prod/*

To switch to another user, add a query string with the _switch_user parameter and the username as the value to the current URL (you must be logged-in as a super admin to use this feature):

https://example.com/en/dashboard/?_switch_user=anna_admin

To switch back to the original user, use the special _exit username:

https://example.com/en/dashboard/?_switch_user=_exit

To deactivate the feature again, simply revert your config changes and refresh the application cache again:

How to reload Kimai cache

bin/console kimai:reload --env=prod

It is not advised, but in case the above command fails you could try:

rm -r var/cache/prod/*

See also