UMP "Impersonate" feature not working as expected

Document ID : KB000110102
Last Modified Date : 14/08/2018
Issue:
I am using the impersonate user feature to verify that a user has the correct views within USM, but when I ask a user to log in and we compare, they do not see the same things in their view that I see in my impersonated view.

For example, I have defined several USM groups, but the user does not see them when they log in. However, when I impersonate the user, I can see the groups displayed in USM.
Resolution:
The UMP portlet is based on third-party software called Liferay Portal; the "Impersonate" function is a built-in part of that software.

Unfortunately, it does not always work reliably in UMP because of the way we have incorporated our own login hooks into the Liferay portal. Specifically, the Liferay portal itself does not recognize the UIM concepts of Account users or Origins, so we have made some changes under the hood to enable this functionality.

As a side effect of these changes, the Impersonate function does not work as it would in an unmodified, out-of-the-box Liferay portal. One effect is that when an administrator impersonates another user, the administrator will still be able to see many things that are specific to the administrator account. Impersonation does work for things like applying the UMP read-only theme, but it is not reliable for seeing "what a user would see" in many cases, such as the groups in USM.

The best method for managing a user's pages is to log into UMP as the administrator and locate the user in the Users & Organizations section of the UMP Control Panel. From here, one of the actions available for each user is "Manage Pages", which lets you view, edit, or modify the page layout that the user will see when logging into UMP.

As for the USM groups/views, a best practice is to create an "internal" account contact for each account. For example, if you have an account called CustomerOne, you could create an account contact called internal@customerone.com which is a member of this account. Your administrators could then log into this account to see the same things that the members of that account would see.