Impersonation framework
The impersonation mechanism is available for calls to RESTful services, web applications, and web services. It is only available for calls authenticated with a client certificate.
The caller must have the correct grid internal roles to be able to perform impersonation:
-
grid-run-as-user - allows impersonation of the username.
-
grid-run-as-tenant - allows impersonation of the tenant.
These roles can be combined to impersonate both username and tenant. This is the preferred setup for multi-tenant scenarios.