How Do You Manage "Run As" Activity and Auditing?

Dan Napolitano

I recently discovered that when a user utilizes the "Run as another user" feature in CRM, their actions are logged in the database as if performed by the impersonated user. This includes adds, edits, deletes, page visits (as seen in the history), and session activity tracked in the ACTIVEUSERMONITORINGLOG table.

I'm curious how other organizations are handling this behavior—specifically, how they identify actions taken by User X while impersonating User Y.

So far, I haven’t found any global variables in Page Designer or the SDK that indicate a session is a "Run as" session. Has anyone found a reliable method for flagging or tracking impersonation activity?

Alan French

This would be really useful for us to know too - at one point we were going to open up the "run as" access to a huge chunk of the team so they could access their colleagues' My Fundraiser pages as well as their own, but we spotted the issue with the tracking (and the fact that they could get access to areas of the system they haven't been trained on) and decided to keep it more restricted. Even if it's not done deliberately, it's fairly easy to forget you're logged in as someone else and just continue using that browser window.

Dan Napolitano

I have identified what appears to be a value available in the constructor passed into javascript in a custom ui model that surfaces runAs. That is looking promising for isolated custom form level handling, such as suppressing functionality for runAs users, but that is somewhat limited in wider application.

Dan Napolitano

Blackbaud has confirmed that its products do not allow users to remove the “Run As” option from the Omnibar. This limitation prevents organizations from logging or tracking this functionality in a custom way within CRM. As a result, CRM users have no built-in method, or means to customize in-product, to monitor “Run As” usage or distinguish actions performed by the actual user versus those executed under impersonation.