This guide covers how operators can impersonate other users for customer support scenarios.
Overview
BitzOrcas’s delegation system allows authorized operators to temporarily act as another user. All actions during impersonation are audited.
Granting impersonation
Operators with the delegation.grant permission can create delegation grants:
POST /api/delegations/grantsAuthorization: Bearer {operator-token}
{ "targetUserId": "user-456", "tenantId": "100", "ttlMinutes": 60, "scope": "ticket.view,ticket.comment"}Returns a delegation token that the operator includes in subsequent requests.
Using the delegation token
GET /api/ticketsAuthorization: Bearer {delegation-token}
// The request executes as the target user// Audit log records both operator_id and target_user_idToken validation
The DelegationTokenMiddleware in the API pipeline validates delegation tokens automatically. It runs after authentication but before tenant resolution.
Revoking a grant
DELETE /api/delegations/grants/{grantId}Authorization: Bearer {operator-token}Security notes
- Grants have configurable TTL (default: 1 hour)
- Scope restrictions limit what the operator can do
- All actions are audited with both identities
- Only SqlSugar path supports delegation (EF Core: TODO)
See also
- Impersonation — Security architecture
- Identity module — Permission model