Impersonation Mode
KMP supports a super user impersonation mode for rare troubleshooting scenarios. This feature lets a kingdom administrator temporarily operate as another member while preserving a full audit trail.
Activation
- Navigate to the member profile you want to impersonate.
- Super users see an “Impersonate Member” button in the actions bar.
- Confirm the prompt to start impersonation. The current session identity switches to the selected member and a banner appears system-wide.
Note: You cannot impersonate your own account, and only a single impersonation session can be active at a time.
While Impersonating
- A yellow banner on every page reminds you who you are impersonating and provides a “Return to admin account” button.
- Permissions, data access, and validation errors mirror the impersonated member exactly.
- All writes (create, update, delete) executed during impersonation are saved to the
impersonation_action_logstable with request metadata. - Session lifecycle events (start/stop) are captured in
impersonation_session_logswith request origin details.
Ending Impersonation
Use the banner button or send a POST request to /members/stop-impersonating. The original administrator identity is restored automatically. If the source account is missing, the user is redirected to the login page.
Caches and session state tied to the previous identity (navigation menu, history stack, view preferences) are flushed on start/stop to prevent state leakage between accounts.
Audit Trail
The impersonation_action_logs table records:
| Column | Description |
|---|---|
impersonator_id |
Administrator who initiated impersonation |
impersonated_member_id |
Member being impersonated |
operation |
CRUD operation inferred from HTTP verb |
table_name |
Database table that was modified |
entity_primary_key |
Primary key string for the affected row |
request_method / request_url |
HTTP context for the change |
ip_address |
Client IP when available |
metadata |
JSON with helper fields (table alias, etc.) |
Use this log to reconcile sensitive updates performed during impersonation.