Skip over navigation
You are currently viewing documentation for a previously released version of OroCRM. See the latest long-term support version.

User Impersonation


There are situations when a developer needs to log in into the system on behalf of a user. For example, the developer may want to check whether a customized feature works as intended. Such need mostly arises when a user reports a bug and the developers need to ensure firsthand that the reported issue really exists and that everything works smoothly when they have fixed it.

In this case, the regular way of logging into the system using the login and the password has a stumbling point: the user would have to share their credentials with the developer. For one thing, this is not a safe operation for a user, as there is a risk of compromising credentials each time they are sent over Internet. For another, it is inconvenient for the developer who cannot start troubleshooting the issue immediately and has to wait for the user to share their credentials. It becomes even more troublesome, if the developer needs to check accounts of several users.

Oro developers can use another approach known as user impersonation, which considerably facilitates troubleshooting. With the help of this approach, the developer uses a special link to log into the system on behalf of a user. The link contains a token that grants access to the system.

Find a Required User

List Enabled Users

If you want to impersonate a user but you do not have a username (for example, you have a username of the user that you are troubleshooting, but you also want to check whether everything works OK for other users of the same business unit), you can check what users exist in the system via the console.

In the php console, execute the oro:user:list command.

$ php app/console oro:user:list

This command generates a list of all users with the Enabled status. You will see a table that shows user IDs, usernames, statuses, first and last names, and roles.

| ID | Username                 | Enabled (Auth Status) | First Name  | Last Name | Roles             |
| 1  | admin                    | Enabled (Active)      | John        | Doe       | Administrator     |
| 2  | sale123                  | Enabled (Active)      | Ellen       | Rowell    | Sales Manager     |
| 3  | mbuckley                 | Enabled (Active)      | Michael     | Buckley   | Marketing Manager |

This list is paginated, by default 20 users are shown on each page. To see a particular page, use the -p<page_number> parameter. For example, to see page 2, execute:

$ php app/console oro:user:list -p2

You can limit the number of users displayed on each page. For this, use the -l<number_of_users> parameter. For example, to see 10 users per page, execute:

$ php app/console oro:user:list -l10

You can use the same parameter to see all users in the system on one page. For this, specify the number of pages as -1:

$ php app/console oro:user:list -l-1

To check all possible options, execute the oro:user:list -h command in the php console.

$ php app/console oro:user:list -h

List All Users

By default, the oro:user:list command shows only users with the Enabled status. To include users with the Disabled status as well, use the -a parameter:

$ php app/console oro:user:list -a

You will see all users that exist in the system.

Find Users with a Specific Role

To see only the users with a specific role, use the -r"<role_name>" parameter. For example, to see users with the Marketing Manager role, execute:

$ php app/console oro:user:list -r"Marketing Manager"

You can specify multiple roles:

$ php app/console oro:user:list -r"Marketing Manager" -r"Sales Manager"

Other Listing Command Options

To check all possible options, execute the oro:user:list -h command in the php console.

$ php app/console oro:user:list -h

Notify a User

Notification Email

When someone uses the impersonation link, a user receives a notification email:


This helps avoid surprises when the user notices that something has changed in the system but cannot figure out why this has happened. Additionally, such email can instruct the user to contact the system administrator if they noticed suspicious activity, thus preventing possible fraud.

The default notification email template is user_impersonate. It can be found on the All Templates page of your Oro application (System>Emails>Templates).

This behavior can be overridden if you select the silent mode when generating the impersonation link. (See the Impersonate a User in the Silent Mode section.)

Data Audit

If a developer who impersonates a user makes changes in OroCRM on behalf of the user, these changes are marked accordingly in the Data Audit section of the system and in the change history of the corresponding entity record:



Browse maintained versions:
Back to top