Skip to main content

Privacera Documentation

Table of Contents

Make calls on behalf of another user on Privacera Platform

If you have been granted privileged user status by the account administrator, you can make REST API calls on behalf of other users. This is sometimes called "user impersonation".

In this case, you pass your own username and password on the /protect or /unprotect endpoint and include the username of that other user as the value of the user: field. That other user's password is not required.

In the following example, user <privileged_user> includes his own password and specifies user:<username_being_impersonated> to /protect on behalf of that user:

curl -k -u <privileged_user>:<privileged_user_password -H "Accept: application/json" \
-d '{"schemelist":["TEST_EMAIL_NEW_30_6"], \
"datalist":[[""]], \
"user":"<username_being_impersonated>"}' \ 
-H 'Content-Type: application/json' <peg_server_URL_or_API_endpoint>api/peg/public/protect;

Data services, such as Databricks or Trino, can also take advantage of the privileged user as the service user, allowing the data service to run /protect and /unprotect on behalf of other users of the data service.