add stories
This commit is contained in:
@@ -0,0 +1,28 @@
|
||||
# Impersonate Users for Support
|
||||
|
||||
**ID:** ADM-006
|
||||
**Priority:** Low
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As a platform administrator, I want to temporarily impersonate a user so that I can troubleshoot issues they're experiencing without asking for their credentials.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Admin can initiate impersonation session for any user
|
||||
- [ ] Impersonation requires confirmation and reason
|
||||
- [ ] Clear visual indicator when in impersonation mode
|
||||
- [ ] Admin can end impersonation and return to their session
|
||||
- [ ] All actions during impersonation are logged
|
||||
- [ ] User is optionally notified of impersonation
|
||||
- [ ] Impersonation sessions have time limit
|
||||
- [ ] Cannot impersonate other admins without super-admin
|
||||
|
||||
## Technical Notes
|
||||
- Special JWT claim to indicate impersonation
|
||||
- Original admin identity preserved in token
|
||||
- Audit log must capture both admin and impersonated user
|
||||
- Consider "read-only" impersonation mode
|
||||
- Security review required before implementation
|
||||
|
||||
## Related TODOs
|
||||
- New feature - support tooling
|
||||
Reference in New Issue
Block a user