User alert when admin is impersonating

Hi,

Is there a mechanism to alert a user when an admin is impersonating her/him?

It’s not really appropriate that admins can impersonate other users without the user knowing.

We’re using GitLab 8.17.5.

Thanks,

Éibhear

Nope, not at this moment, but there’s an issue to add more information in the audit log area of a user https://gitlab.com/gitlab-org/gitlab-ce/issues/19480.

Thanks for the answer.

We have a situation where some admin-granted users were impersonating others as a shortcut to asking them to perform the tasks themselves. We’re pulling admin access from them, but it raises the point that impersonation should only be done for beneficial purposes, and therefore the users being impersonated should be informed immediately so that they can confirm it’s for a good reason.

The next step, of course, would be to require permission from the user before impersonation can happen.

I don’t think an ad-hoc, post-facto, review of the access log would offer much defence against a rogue admin.

While I do like having as much information as possible in the audit logs, it seems like the root issue here is that you couldn’t grant the users the access they needed without having to grant them admin access. The concept of least-privileged-necessary-to-perform-job-task should mean we need more granular permissions, as opposed to just better audit logging (although that’s great too). Aren’t there destructive tasks an admin can perform that no amount of audit logging could save us from?

All great feedback 🙂 @eibhear I’d suggest opening an issue as a feature proposal and putting your use case in there.

Done: https://gitlab.com/gitlab-org/gitlab-ce/issues/34829