You are here

README.txt in Masquerade 8.2

Same filename and directory in other branches
  1. 6 README.txt
  2. 7 README.txt
-- SUMMARY --

The Masquerade module allows users to temporarily switch to another user
account. It keeps a record of the original user account, so users can easily
switch back to the previous account.

For a full description of the module, visit the project page:
  http://drupal.org/project/masquerade

To submit bug reports and feature suggestions, or to track changes:
  http://drupal.org/project/issues/masquerade


-- REQUIREMENTS --

None.


-- INSTALLATION --

* Install as usual, see
  http://drupal.org/documentation/install/modules-themes/modules-8

* Grant the "Masquerade as another user" permission to the desired roles.


-- SECURITY --

* Masquerade's built-in access control mechanism has been designed to be simple,
  smart, and secure by default:

  - Users without the masquerade permission are not allowed to masquerade.
  - Uid 1 may masquerade as anyone.  No one can masquerade as uid 1.
  - If you have the identical permissions as the target user (or additional
    permissions), you are allowed to masquerade.
  - Otherwise, access to masquerade as the target user is denied.

  This means that Masquerade's built-in access control does not allow any kind
  of privilege escalation.  It is safe to grant the masquerade permission to
  user roles.  Users are never able to exceed their privileges by masquerading
  as someone else.

* More fine-grained access control (e.g., role-per-role, per-user, blacklist)
  may be supplied by separate add-on modules for Masquerade.


-- FEATURES AND INTEGRATION --

* The Masquerade module provides and aims for a deep integration with the
  built-in user interface of Drupal core and popular contributed administration
  interface modules:

  - Contextual links (core)
  - Toolbar (core)
  - Administration menu (http://drupal.org/project/admin_menu)

* Aside from its user permission, the Masquerade module aims for a smart and
  intuitive integration that does not require any configuration.  Its design and
  architecture tries to meet the expectations of these user stories:

  - This is helpful. Even though I don't know whether I'll actually need it.
  - This is secure. 100% test coverage for the limited functionality it provides.
  - This isn't bloat. Super small, dead simple, focused on the >80% task.
  - This is friendly. Available when I need it, close to "zero-conf", and has
    absolutely no other UI implications.

* Masquerading as Anonymous user is intentionally not supported. Likewise, more
  granular user permissions and other custom plumbing needs to be implemented in
  separate modules instead.


-- CONTACT --

Current maintainers:
* Daniel F. Kudwien (sun) - http://drupal.org/user/54136
* Andrey Postnikov (andypost) - http://drupal.org/user/118908

File

README.txt
View source
  1. -- SUMMARY --
  2. The Masquerade module allows users to temporarily switch to another user
  3. account. It keeps a record of the original user account, so users can easily
  4. switch back to the previous account.
  5. For a full description of the module, visit the project page:
  6. http://drupal.org/project/masquerade
  7. To submit bug reports and feature suggestions, or to track changes:
  8. http://drupal.org/project/issues/masquerade
  9. -- REQUIREMENTS --
  10. None.
  11. -- INSTALLATION --
  12. * Install as usual, see
  13. http://drupal.org/documentation/install/modules-themes/modules-8
  14. * Grant the "Masquerade as another user" permission to the desired roles.
  15. -- SECURITY --
  16. * Masquerade's built-in access control mechanism has been designed to be simple,
  17. smart, and secure by default:
  18. - Users without the masquerade permission are not allowed to masquerade.
  19. - Uid 1 may masquerade as anyone. No one can masquerade as uid 1.
  20. - If you have the identical permissions as the target user (or additional
  21. permissions), you are allowed to masquerade.
  22. - Otherwise, access to masquerade as the target user is denied.
  23. This means that Masquerade's built-in access control does not allow any kind
  24. of privilege escalation. It is safe to grant the masquerade permission to
  25. user roles. Users are never able to exceed their privileges by masquerading
  26. as someone else.
  27. * More fine-grained access control (e.g., role-per-role, per-user, blacklist)
  28. may be supplied by separate add-on modules for Masquerade.
  29. -- FEATURES AND INTEGRATION --
  30. * The Masquerade module provides and aims for a deep integration with the
  31. built-in user interface of Drupal core and popular contributed administration
  32. interface modules:
  33. - Contextual links (core)
  34. - Toolbar (core)
  35. - Administration menu (http://drupal.org/project/admin_menu)
  36. * Aside from its user permission, the Masquerade module aims for a smart and
  37. intuitive integration that does not require any configuration. Its design and
  38. architecture tries to meet the expectations of these user stories:
  39. - This is helpful. Even though I don't know whether I'll actually need it.
  40. - This is secure. 100% test coverage for the limited functionality it provides.
  41. - This isn't bloat. Super small, dead simple, focused on the >80% task.
  42. - This is friendly. Available when I need it, close to "zero-conf", and has
  43. absolutely no other UI implications.
  44. * Masquerading as Anonymous user is intentionally not supported. Likewise, more
  45. granular user permissions and other custom plumbing needs to be implemented in
  46. separate modules instead.
  47. -- CONTACT --
  48. Current maintainers:
  49. * Daniel F. Kudwien (sun) - http://drupal.org/user/54136
  50. * Andrey Postnikov (andypost) - http://drupal.org/user/118908