Impersonation framework

The impersonation mechanism is available for calls to RESTful services, web applications, and web services. It is only available for calls authenticated with a client certificate.

The caller must have the correct grid internal roles to be able to perform impersonation:

• grid-run-as-user - allows impersonation of the username.

• grid-run-as-tenant - allows impersonation of the tenant.

  These roles can be combined to impersonate both username and tenant. This is the preferred setup for multi-tenant scenarios.