Expand my Community achievements bar.

Join us in celebrating the outstanding achievement of our AEP Community Member of the Year!

Impersonate Users in AEP

Avatar

Level 1

12/23/24

Description

Given the extensive/specific new facets of AEP and being able to have near limitless governance by Labels, its not sustainable to always give someone an access group or policy and assume that they won't accidentally see a field that they shouldn't have access to.  It would be great if we could "borrow" the same functionality that exists in AEM to log into AEP as a specific user to double check what they can see and do in AEP

 

Why is this feature important to you

This would add a great measure of being able to audit users in an AEP tenant.  Our business uses Federated SSO and prohibits the granting of Personal Adobe IDs to Admin Console; this makes sure that only one person can only have one login.  This means in order to test is a policy is actually enforcing what it should, it requires 2 admins.  One to downgrade the other's access and another to do the actual test.

 

How would you like the feature to work

I personally would find it organic to go into AEP Permissions and select a user from that tool to impersonate and make sure that they can only see the right tools, fields and data sets.  But I can also see this being functional from Admin Console as well.

 

Current Behaviour

As of today, we need to either ask the affected user/agency, that would personally benefit to having MORE access to our Platform data than LESS, to "confirm" that they only see what they need to see or would need 2 admins to spot check this by assigning the new policy to test in a controlled manner.