Skip to main content

Privacera Documentation

Table of Contents

Make calls on behalf of another user on PrivaceraCloud

If you have been given the ROLE_ACCOUNT_ADMIN role by the account administrator, you can make REST API calls on behalf of somebody else. This is sometimes called "user impersonation".

In this case, you pass your own username and password on the /protect or /unprotect endpoint and include the username of that other user as the value of the user: field. That other user's password is not required.

In the following example, user <privileged_user> includes his own password and specifies user:<username_being_impersonated> to make the call to /protect on behalf of that user:

curl -k -u <privileged_user>:<privileged_user_password> -H "Accept: application/json" \
-d '{"schemelist":["TEST_EMAIL_NEW_30_6"], \
"datalist":[["sally@gmail.com"]], \
"user":"<username_being_impersonated>"}' \ 
-H 'Content-Type: application/json' <peg_server_URL_or_API_endpoint>api/peg/public/protect;

Data services, such as Databricks or Trino, can also take advantage of the privileged user as the service user, allowing the data service to run /protect and /unprotect on behalf of other users of the data service.