Impersonation



On This Page

Overview

Impersonation allows a site admin access to all the folders on the platform, including those that belong to other users.  A job can be set up using the username and password of the site admin to sync/migrate/copy files to or from a different user's account without ever having the username or password of that user. If a connection has been created with an account that has the proper permissions, you can select to enable the Run as user option for the source and/or destination. You can then select the user you want to impersonate for the job.

REST API

In the sample code below, files are being copied from an NFS location to the OneDrive for Business account of Joe Developer by the site administrator. The code shows how to create the source NFS connection.

 

POST {{url}}v1/connections

{ "name": "\\\\srv\\users", "platform": { "id": "nfs" }, "auth": { "unc": "\\\\localhost\\d$\\dev\\Test\\Users" } }

 

Create a OneDrive for Business connection as the site administrator to be used as the destination. The create a new transfer job with the impersonate_as section in the body.

{{url}}v1/jobs

{ "name":"My Impersonation Job", "kind": "transfer", "transfer": { "audit_level": "trace", "transfer_type": "copy", "source": { "connection": { "id": "{{nfs_connection}}" } }, "destination": { "connection": { "id": "{{cloud_connection}}" }, "impersonate_as": { "id": "12", "name": "Joe Developer", "email": "jdeveloper@domainName.onmicrosoft.com" }, "target": { "path": "/Documents/{{New_Folder_Name}}" } } }, "schedule": { "mode": "manual" } }

Files you see when you log in as jdeveloper are inside default “Documents” library, so if you want the transfer to create subfolder accessible via their UI, you can set destination as “/Documents/{{New_Folder_Name}}.”

If you set your destination path to just “/{{New_Folder_Name}},” it will successfully transfer but will not be readily visible to the user you are impersonating. To find the content, jdeveloper would need to modify the URL (for example, https://domainName-my.sharepoint.com/personal/jdeveloper_domainName_onmicrosoft_com/{New_Folder_Name} ).

 

For platforms which use Active Directory accounts (such as SharePoint on-premise), specify the following instead of "email" in the "impersonate_as" block: "username": "domain\user"

 

Run the transfer job and notice that the source files have been copied to Joe Developer's OneDrive for Business account into the specified path.

PATCH {{url}}v1/jobs/{{job}}?start=1

 

 

 

DryvIQ Migrate Version: 5.8
Release Date: September 4, 2024