When Impersonation is useful

In a previous post I stated that Impersonation is not suitable for starting a Selenium browser session as a different user. Even so there are still a few scenarios where I do need it.

In my testcases I want to check that the state of the various tasks in SharePoint are conform my expectations. I use CSOM to query for the tasks and I verify that the results match the testcase. Due to SharePoint’s security trimming I can only see the tasks that I am authorized to see. As I don’t want my test user to have full site-collection admin privileges, I wrapped the CSOM calls in an Impersonation to another account that does have site-collection admin permissions. This lets me receive all relevant tasks regardless whether my account does or does not have permission to access to them.

The system I am testing will, in certain scenarios, set unique permissions on documents in a document-set. Even if I am the owner of the set, I will at most have Contribute permissions on those documents. Other users may or may-not have Contribute depending on the exact scenario. Therefore, my testcases need to check if the documents have the correct permissions. For this I use CSOM, however I cannot run that query under my own credentials as you need at least Design permissions to view the RoleAssignments and RoleDefinitionBindings of an object. So also here I wrapped the CSOM calls in a Impersonation to a site-coll admin.