Impersonation framework

The impersonation mechanism is available for calls to RESTful services, web applications, and web services. It is only available for calls authenticated with a client certificate.

The caller must have the correct grid internal roles to be able to perform impersonation:

  • grid-run-as-user - allows impersonation of the username.

  • grid-run-as-tenant - allows impersonation of the tenant.

    These roles can be combined to impersonate both username and tenant. This is the preferred setup for multi-tenant scenarios.