Impersonate a user

When working on user roles, permissions or teams, you might want to test the outcome without creating new users.

This can be done by impersonating a user, which means you switch to a real existing account.

As this feature is potentially dangerous, it is deactivated and needs configuration file changes to activate it.

Activate

You need to adjust the application firewall and user role settings. Open the file config/packages/security.yaml and add the following line to the secured_area firewall:

switch_user: true

It must look like this:

security:
    # ...
    firewalls:
        dev:
            # ...
        secured_area:
            # ...
            switch_user: true
            # ...

This activates the feature. Now adjust the super admin role, so it has the special role ROLE_ALLOWED_TO_SWITCH:

security:
    # ...
    role_hierarchy:
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

Finally refresh your cache:

bin/console cache:clear --env=prod
bin/console cache:warmup --env=prod

FTP users: please have a look at this documentation.

To switch to another user, add a query string with the _switch_user parameter and the username as the value to the current URL (you must be logged-in as a super admin to use this feature):

https://example.com/en/dashboard/?_switch_user=anna_admin

To switch back to the original user, use the special _exit username:

https://example.com/en/dashboard/?_switch_user=_exit

To deactivate the feature again, simply revert your config changes and refresh the application cache again:

bin/console cache:clear --env=prod
bin/console cache:warmup --env=prod

FTP users: please have a look at this documentation.

See also