What Is an Impersonator?

An impersonator is an account that uses the security permissions of another account to gain access to restricted documents. In the Coveo Platform, impersonation is used to gain remote access to collections, especially in front-end/back-end configurations, where the search interface and the index are located on different servers. It is needed there because Windows does not allow a security token (the object containing the user permissions) to be transmitted over the network twice (double-hop).

Example: Using impersonation in a front-end/back-end network configuration.

The user connects to one of the front-end servers (containing the search interface) via the intranet in order to query the back-end server (containing the index). If impersonation is not configured, the user security token is transmitted to the front-end server but cannot be retransmitted to the back-end server, because Windows prevents this double-hop. Therefore, the index cannot verify the user permissions and returns only documents available to everyone. However, if the front-end server has impersonator privileges, no token is exchanged between the user and server; instead, the front-end server assumes the identity of the user and sends the token directly to the back-end server—which returns all documents the user is allowed to open.

To allow impersonation, the front-end server address must be entered in the Impersonators list (see Granting Impersonator Privileges).
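
The trust decision described above can be modelled in a few lines. This is an added example, not Coveo Platform code: the class names, the `Everyone` principal, the host name and the documents are all hypothetical, and the Impersonators list is represented as a plain set of caller identities.

```python
# Added illustrative model; not Coveo Platform code. All names are hypothetical.
from dataclasses import dataclass
from typing import Optional

EVERYONE = "Everyone"  # stands for "documents available to everyone"

@dataclass(frozen=True)
class Document:
    title: str
    allowed: frozenset  # principals permitted to open the document

@dataclass(frozen=True)
class Query:
    caller: str                  # identity the back-end authenticated directly
    on_behalf_of: Optional[str]  # user the caller says it is acting for

class BackEndIndex:
    def __init__(self, documents, impersonators):
        self.documents = list(documents)
        self.impersonators = frozenset(impersonators)

    def effective_user(self, query):
        """Return the user whose permissions filter results, or None."""
        if query.on_behalf_of is None:
            return query.caller            # direct connection, single hop
        if query.caller in self.impersonators:
            return query.on_behalf_of      # listed impersonator is trusted
        return None                        # unverified claim: no user identity

    def search(self, query):
        user = self.effective_user(query)
        principals = {EVERYONE} if user is None else {EVERYONE, user}
        return [d.title for d in self.documents if d.allowed & principals]

# Constructed sample data.
FRONT_END = "frontend01.example.internal"
DOCS = [
    Document("Cafeteria menu", frozenset({EVERYONE})),
    Document("Payroll Q3", frozenset({"alice"})),
    Document("Board minutes", frozenset({"bob"})),
]

def results(impersonators, caller, user):
    return BackEndIndex(DOCS, impersonators).search(Query(caller, user))

if __name__ == "__main__":
    print(results([], FRONT_END, "alice"))           # impersonation not configured
    print(results([FRONT_END], FRONT_END, "alice"))  # front-end is listed
    print(results([FRONT_END], "kiosk07", "bob"))    # unlisted caller
```

In this model a listed entry is trusted for whichever user it names, so the Impersonators list is worth reviewing the way any privileged group is.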