Authorization after identity switching

After switching to another (target) identity, the authorizations of the target identity apply. The authorizations of the original (source) identity do no longer apply. The target identity cannot switch back to the original identity. If desired, this must be explicitly configured in the whitelist of the target identity.

Example

The API identity of the invoker is linked to role API_SVC_ROLE. The API identity of machine 1 is linked to role API_MACH_ROLE.

After the invoker has switched its identity to the API identity of machine 1, the authorizations of role API_MACH_ROLE apply. The authorizations of role API_SVC_ROLE do no longer apply.