User impersonation by admins
Sometimes you need to take a closer look at someone's account to view the account as them. In that case, Small Improvements is here to help. For instance, you may want to see the system from a certain middle manager's perspective to get a better feeling for how your particular 360 cycle setup works for her. It's possible, but there are a few things to consider.
When you sign up for SI for the first time, you get a set of 15 sample users, so you can impersonate them and see the sample content from different perspectives. It's quite an awesome feature, and even if your account has long moved into production and you've deleted the sample users, you can still set up a "fake" company account by logging out and then signing up with your personal email address, and use that as a sandbox environment. You can then experiment and try things out without upsetting your entire company in case something breaks.
But let's assume you need to troubleshoot a problem in your real account, and really really want to impersonate a real user. It is possible, but by default this feature is off. It is a very powerful feature, and we want customers to make a conscious decision to enable it.
Risks to consider
Once you impersonate someone else, you can see all their confidential data, and any action you perform is credited to their account. There is no "read only" mode — after all the impersonation also needs to enable you to redact content that's inappropriate.
- We do write an audit log entry the moment you impersonate someone, and SI staff can take a look at log files in case the impersonation feature is abused. But even if you accidentally delete something, without any bad intentions, it will be a bit embarrassing, so we don't promote the feature, it's more of a last resort.
- To prevent the most grave problems, you can't impersonate anyone up your management chain. But of course you can still impersonate very senior people (for instance the CFO if you report to the CTO). They might not like you working in their account. This is another reason why the feature is off by default, and surrounded by lots of warnings and hints.
- Even when enabled, only users who have both the HR and the Tech Admin role are able to use it.
How it works
Here's your step-by-step guide: Locate the user profile of the user you want to impersonate. Open the "Manage" dropdown. Locate the "Impersonate" entry. Note that it won't be there for your management chain, nor if you're not a super-user.
Click it. A popup asks you to confirm that you know what you're doing. Then you get taken to the homepage of the impersonated user, and you see what they would see. A note at the top of the page reminds you that you're in impersonation mode, and provides a quick way to exit the impersonation mode. The note follows you around on every page, to ensure you don't forget about the impersonation.
Also, the user name in the top right still contains a reference to your real user account. You can now perform any action that's needed, then exit the impersonation mode again. While we don't notify the impersonated user, an audit log entry is written, so your fellow HR Admins are able to see your action. Don't abuse this feature.