1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

How to Set-up and Perform Impersonation on PTC Integrity

Published by SPK Blog Post
on April 27, 2015

From time to time, if you are administering a PTC Integrity Lifecycle Manager you’ll need to be able to log into PTC Integrity as one of the users you support. If you want to avoid requesting their password (if your company uses LDAP to synchronize everyone’s PTC Integrity password with their corporate password, sharing passwords with anyone is not a good idea security wise), or forcibly resetting their password in the MKS Domain (if you use that), you can use something called impersonation.

NOTE: Impersonation can be a potential security hole. There is the possibility for a user to perform actions that are logged as another user who could potentially have administrator permissions.

In order to try to avoid any potential security pitfalls, the example I am going to walk through below will demonstrate how you can configure your administrator account (and only your administrator account) to impersonate other users.

Before you can start impersonating people on your PTC Integrity Lifecycle Manager server you need to create an ACL (Access Control List) to define who has access to the permission to do this.

To set up the Impersonation ACL in PTC Integrity Lifecycle Manager, perform the following steps:

1) In the PTC Integrity Administration client, expand the Permissions section and select the “All” node.

2) Next, right click on the mks ACL group, and select “Create ACL.”

3) This will open the “Select ACL Entries to Add” dialog

4) Next, define the user or group you wish to allow impersonation of.  In this case I want to allow for the impersonation of the “everyone” group.  Therefore I have named the ACL mks:impersonate:group:everyone

5) Last but not least, I select the administrator user, to implicitly state which user has permissions to impersonate under this ACL.

6)  Once you select “OK” to apply your new ACL you will see it appear in the ACL lis

Creating the ACL to allow for impersonation is just the first step.  If you actually want to perform Impersonation you need to invoke it from a command prompt window.  You cannot invoke impersonation through the GUI.  You can use the command line to create a GUI session and instantiate the connection using the impersonateuser flag to create a session as the impersonated user.  The command to do so is as follows:

im issues –hostname=serverHost –port=serverPort –user=administrator –password=yourAdminPass –impersonateuser=impersonatedUser –gui

This in turn will open the following window for you:

From here, everything that is performed will be as if you were logged in directly as a given user in the system. And best of all, the only people who will have access to this impersonation functionality as it is configured are those people who already have access to your administrator account.

The ability to impersonate any given person within your PTC Integrity server can go a long way in determining what the problem is when one of your users calls you complaining that a certain trigger or critical piece of functionality isn’t working.

Next Steps:

Latest White Papers

Three Trends Are Transforming The Service Desk

Three Trends Are Transforming The Service Desk

Your IT service desk is about to change. Find out what's shaping the future. Three factors — enterprise service management (ESM), collaboration, and intelligent service management — are driving the transformation of the service desk. To better meet customers’ needs...

Related Resources

Is The IT Department Really “Dead?”

Is The IT Department Really “Dead?”

“It’s Time to Get Rid of the IT Department.”  That was the title of an opinion piece recently published in the Wall Street Journal.  Provocative?  Sure.  My answer to this is not “yes,” but many of the author’s points are valid.  The Same Old IT Department? No, the IT...

How To Add More Disk Space To Your Redhat Server Without Reformatting

How To Add More Disk Space To Your Redhat Server Without Reformatting

(Originally published in 2012, updated January 2022.) One of the common tasks for any system administrator is managing disk space on a server. A common question is how to increase disk space on a linux system. I won't go into a boring lecture on why managing disk...

January 2022 vCAD feature updates

January 2022 vCAD feature updates

Happy New Year vCAD Users! It was a busy 2021 in terms of vCAD development and feature enhancements. We've been receiving lots of feedback regarding the platform, and we're assembling a roadmap for 2022 based on our users' needs. Here's what to expect in 2022:...