Direct user impersonation from execution URLs being enabled for administrators

matt-aitken

·#3144Impersonating run and clearing fix

System administrators will be able to navigate directly to any execution run URL and instantly view it through the original user's perspective, accelerating support workflows.

Here's the LatestUpdated as code changes

Troubleshooting specific executions is being accelerated for system administrators. Direct links to execution runs will automatically trigger an , allowing support teams to view the exact state of a run precisely as the user sees it, without manually initiating an impersonation flow first.

When an administrator accesses a run URL, a verifies their permissions, looks up the associated project and organization, and redirects them to the authenticated user's view. Additionally, navigating to a new impersonation URL while an active session exists will automatically . This prevents cross-account data pollution and maintains accurate audit logs of administrator access.

This analysis will evolve. Full story with review threads and final assessment available after merge.

View Original GitHub DescriptionFact Check

Fact Check Notice: The PR description states impersonation happens automatically when visiting the standard /runs/<run_id> path. However, the implementation actually introduces a distinct /@/runs/<run_id> route to handle the impersonation routing logic.

Automatically impersonate a run when visiting /runs/<run_id> if an admin is logged in
Clear existing impersonation when switching