Impersonating a user - are they actually an admin user?

回答済み

フォローする

新規投稿

JohnSmiths

• 2020年05月26日 02:08

Using JWT Auth, I've impersonated some admin users and that worked well. 

 

However, I could not impersonate anyone with just the role "co-admin" (which is the most you can do creating new users through the Box API). 

 

Just wanted to confirm then, if the user is just a co-admin, can they still be impersonated (i.e. not have any of additional admin privileges assigned to them).

 

 

Also, is it possible to add any of these admin permissions through the Box API? 

0

• 

  bettaio

  • 2020年05月26日 02:43

   as far as I know this should work. What kind of error are you getting when trying to act as another user?

  0

  コメントアクション パーマリンク
• 

  JohnSmiths

  • 2020年05月26日 07:13

  Unfortunately, I was looking at it completely incorrectly. I'm not sure if the docs on this are clear or if it's just me.

   

  I was always under the impression that admin users were the only ones that can be impersonated with using JWT auth. As I was authenticating as the service account and impersonating them successfully but not normal managed users. 

   

  Turns out, you can authenticate (not impersonate) as an admin user and then impersonate (As-user) a normal managed user absolutely fine. A further spanner in the works was "restrict content creation" which made it appear as if I was unauthorised to impersonate (403 errors?) rather than what should probably be a validation error? 

   

  https://community.box.com/t5/Platform-and-Development-Forum/API-As-User-or-Client-token-Creating-Root-parentID-0-folders-403/m-p/31873#M1836

   

  Thanks for making me look at it from a fresh angle though, it was quite difficult to work with for a while. 

  0

  コメントアクション パーマリンク

サインインしてコメントを残してください。