Closed kwin closed 2 months ago
Further information in https://jackrabbit.apache.org/oak/docs/security/user/default.html#impersonation
The default implementation of the Impersonation interface comes with the following limitations and features:
- only user principals can be granted impersonation
- every user can impersonate itself
- the admin user always can impersonate all users (and therefore cannot be granted impersonation)
- the Configuration allows to define a list of user or group principals that can impersonate all users (since Oak 1.54.0, see OAK-10173)
In order to allow testing with AEMaaCS (where the local admin is not used) even user's of the administrators group need to be explicitly allowed to impersonate as a test user. Therefore the field
impersonationAllowedFor
already available for regular users should also be evaluated forautoCreateTestUsers
. For AEM Classic usually the localadmin
user was used which implicitly always is allowed to impersonate as everyone elsse.