Administrator Documentation

About Impersonation

Impersonation allows for a user with appropriate permissions to impersonate another users Brightspace account, effectively seeing the users account as if they were logged in directly as that user. When impersonating another user, you can access all areas of that users account, including all courses they are enrolled into, emails, account settings and submitted activities.

Impersonation is a powerful tool, allowing permissioned users to assist others by impersonating their account to investigate concerns or issues that user may be experiencing. In some scenarios demo student accounts may be enrolled into courses, allowing impersonation so that Instructors can explore their course as if they were logged in as a student.

When impersonating another user you cannot trigger release conditions as that user. However, if you were to complete an activity that was automatically graded, a release condition associated to that grade would be evaluated. When impersonating another user completion tracking is excluded.

Role Requirements

Roles that have the ‘Impersonate [role]’ permission selected will be able to see the ‘Impersonate’ option in the Classlist within org units and/or Users tool at the organization level. Whether you can gain access to that users account via impersonation depends on a series of security checks.

To be able to impersonate another user the impersonator must have:

Impersonator must have permission in the orgunit where impersonation originates to impersonate the orgunit role of the impersonee. Refer to User permissions for more information.
Impersonator must have permission at the organization level to impersonate the organization level role of the impersonee
Impersonator must have permission at any orgunit level to impersonate all roles that the impersonee may have within the organization
Impersonator must have all User Information Privacy permissions set to successfully impersonate. Refer to User Information Privacy permissions for more information.

While you do not need to share enrollments with the other user to access any course offering that they have an enrollment into, you must have permission to impersonate all the roles the impersonee has across an organization, as you will gain access to all their enrolled courses. If you do not have appropriate permissions, the attempt to impersonate the user will fail with the following message "You do not have sufficient permission to impersonate this user; they are enrolled with a higher access level in other areas of the organization.”

Launch Impersonation

From a Classist, click the dropdown next to a user and choose Impersonate.
From the Users tool, find a user and from the dropdown next to the user choose Impersonate.

Example Scenarios

Scenario 1 (Blocked Impersonation)

User A is an Instructor at the organization level and an Instructor at the course offering level.
User B is an Administrator at the organization level and a Student at the course offering level.
The Instructor role has permission to impersonate Student at the organization level and at the course offering level but has no permission to impersonate the Administrator role.
This impersonation would be blocked as User A does not have permission to impersonate the Administrator role for User B.

Scenario 2 (Successful Impersonation)

User A is an Instructor at the organization level and an Instructor at the course offering level.
User B is a Student at the organization level and a Student at the course offering level.
The Student role does not have any permission to impersonate any role. The Instructor role has permission to impersonate the Student role at the organization level and course offering level.
This impersonation would be successful and the User A would be able to impersonate User B successfully.

Difference between Impersonation and Role Switch?

Impersonation means that you are seeing Brightspace as if you were logged in as another user, providing access to all their data. When using role switch, you see Brightspace through the permissions configured for a role, which does not include any users private data.