"Run As" Feature - Security Concern

When using the “Run As” a specific user feature, I’ve noticed that in the server logs there is no way to trace whether the person using the “Run As” feature is actually that user.

Does anyone else think it is necessary to add a field in the server logs or somehow show that this user is being impersonated by a Bubble user?

2 Likes

Actually I believe that “Run as” should be limited to test environment.

1 Like

That sounds like a good solution for this issue. Not sure if this feature is heavily used by anyone’s team to provide support to users, though.

This feature is accessible only to users with database rights on the application, so it doesn’t show anyone things they cannot see in the editor via the data tab.

1 Like