This message was deleted.

That’ll depend on how your application does permissions rather than Ory, IMO. (I’m not an Ory person.)

hey, thanks for the reply. Actually in my application each user have individual login and it's not permission based yet. but still super admin want to login to all other user accounts, like having switch account button for each user that is being listed over. and no Oathkeeper installation yet.

Hello @faint-wire-27923 check out Ory Permissions aka the Ory Keto Permission Server, especially the new Permission Language, I think that could help you design a permission system with the above requirements: https://www.ory.sh/docs/keto/guides/userset-rewrites

it sounds like what you’re looking for is user impersonation, which afaik is not supported directly by ory (and often not a great option anyway, since there would likely be no way to know whether an action was done by the user or by an admin in the name of the user, so a permissions-based system is better for auditing)

Could not have said it better! Direct impersonation leads to a ton of complexity and problem @faint-wire-27923 There are many other ways how you can e.g. be compliant with certain regulations using logs & permissions as Andrew has rightly pointed out.

thank you @magnificent-energy-493 and @numerous-umbrella-61726 for your precious time. And yes now I feels like it is going to be lot more problems with impersonation. I will be proceeding with a better option. Thank you again guys.