-- SUMMARY --
The Masquerade module allows users to temporarily switch to another user
account. It keeps a record of the original user account, so users can easily
switch back to the previous account.
For a full description of the module, visit the project page:
http://drupal.org/project/masquerade
To submit bug reports and feature suggestions, or to track changes:
http://drupal.org/project/issues/masquerade
-- REQUIREMENTS --
None.
-- INSTALLATION --
* Install as usual, see
http://drupal.org/documentation/install/modules-themes/modules-8
* Grant the "Masquerade as another user" permission to the desired roles.
-- SECURITY --
* Masquerade's built-in access control mechanism has been designed to be simple,
smart, and secure by default:
- Users without the masquerade permission are not allowed to masquerade.
- Uid 1 may masquerade as anyone. No one can masquerade as uid 1.
- If you have the identical permissions as the target user (or additional
permissions), you are allowed to masquerade.
- Otherwise, access to masquerade as the target user is denied.
This means that Masquerade's built-in access control does not allow any kind
of privilege escalation. It is safe to grant the masquerade permission to
user roles. Users are never able to exceed their privileges by masquerading
as someone else.
* More fine-grained access control (e.g., role-per-role, per-user, blacklist)
may be supplied by separate add-on modules for Masquerade.
-- FEATURES AND INTEGRATION --
* The Masquerade module provides and aims for a deep integration with the
built-in user interface of Drupal core and popular contributed administration
interface modules:
- Contextual links (core)
- Toolbar (core)
- Administration menu (http://drupal.org/project/admin_menu)
* Aside from its user permission, the Masquerade module aims for a smart and
intuitive integration that does not require any configuration. Its design and
architecture tries to meet the expectations of these user stories:
- This is helpful. Even though I don't know whether I'll actually need it.
- This is secure. 100% test coverage for the limited functionality it provides.
- This isn't bloat. Super small, dead simple, focused on the >80% task.
- This is friendly. Available when I need it, close to "zero-conf", and has
absolutely no other UI implications.
* Masquerading as Anonymous user is intentionally not supported. Likewise, more
granular user permissions and other custom plumbing needs to be implemented in
separate modules instead.
-- CONTACT --
Current maintainers:
* Daniel F. Kudwien (sun) - http://drupal.org/user/54136
* Andrey Postnikov (andypost) - http://drupal.org/user/118908
View source
-
- -- SUMMARY --
-
- The Masquerade module allows users to temporarily switch to another user
- account. It keeps a record of the original user account, so users can easily
- switch back to the previous account.
-
- For a full description of the module, visit the project page:
- http://drupal.org/project/masquerade
-
- To submit bug reports and feature suggestions, or to track changes:
- http://drupal.org/project/issues/masquerade
-
-
- -- REQUIREMENTS --
-
- None.
-
-
- -- INSTALLATION --
-
- * Install as usual, see
- http://drupal.org/documentation/install/modules-themes/modules-8
-
- * Grant the "Masquerade as another user" permission to the desired roles.
-
-
- -- SECURITY --
-
- * Masquerade's built-in access control mechanism has been designed to be simple,
- smart, and secure by default:
-
- - Users without the masquerade permission are not allowed to masquerade.
- - Uid 1 may masquerade as anyone. No one can masquerade as uid 1.
- - If you have the identical permissions as the target user (or additional
- permissions), you are allowed to masquerade.
- - Otherwise, access to masquerade as the target user is denied.
-
- This means that Masquerade's built-in access control does not allow any kind
- of privilege escalation. It is safe to grant the masquerade permission to
- user roles. Users are never able to exceed their privileges by masquerading
- as someone else.
-
- * More fine-grained access control (e.g., role-per-role, per-user, blacklist)
- may be supplied by separate add-on modules for Masquerade.
-
-
- -- FEATURES AND INTEGRATION --
-
- * The Masquerade module provides and aims for a deep integration with the
- built-in user interface of Drupal core and popular contributed administration
- interface modules:
-
- - Contextual links (core)
- - Toolbar (core)
- - Administration menu (http://drupal.org/project/admin_menu)
-
- * Aside from its user permission, the Masquerade module aims for a smart and
- intuitive integration that does not require any configuration. Its design and
- architecture tries to meet the expectations of these user stories:
-
- - This is helpful. Even though I don't know whether I'll actually need it.
- - This is secure. 100% test coverage for the limited functionality it provides.
- - This isn't bloat. Super small, dead simple, focused on the >80% task.
- - This is friendly. Available when I need it, close to "zero-conf", and has
- absolutely no other UI implications.
-
- * Masquerading as Anonymous user is intentionally not supported. Likewise, more
- granular user permissions and other custom plumbing needs to be implemented in
- separate modules instead.
-
-
- -- CONTACT --
-
- Current maintainers:
- * Daniel F. Kudwien (sun) - http://drupal.org/user/54136
- * Andrey Postnikov (andypost) - http://drupal.org/user/118908
