Description:
Impersonate function has been a powerful functionality to operations team, however with security concerns.
Example/Use case(s):
Operations team to troubleshoot an issue, can impersonate an end user. However, it provides access/permissions where an operations associate does have full permissions even to delete the resource. Even though Impersonate function logs the details. Security team has raised concern on the level of permissions an impersonated person can perform on others profile. To handle, this a read-only permission on impersonation will likely be helpful to operations team instead of removing the permission itself.