
Audit & impersonation

To support customers safely, ActionConnect staff sometimes need to act on a tenant's behalf. Every console action is audited, and access to tenant data is only ever granted through explicit, time-boxed impersonation.

WARNING

ActionConnect staff only.

The audit log

The console keeps a full audit log of every action staff take: who did it, what they did, which tenant it affected, before/after details where relevant, the originating IP, and a timestamp. This includes tenant lifecycle actions (create, suspend, resume, de-provision), plan and billing changes, feature-flag overrides, and impersonation grants and their use.

The audit log is the accountability backbone of the control plane — it makes every staff action reviewable after the fact.

Why impersonation exists

The console operates on the control plane and cannot read or write a tenant's data directly — that separation is structural. When a support situation genuinely requires seeing a tenant's app as they see it, staff request an impersonation grant.

NOTE

Impersonation is a planned capability. The control plane already models grants (reason, expiry, revocation) and audits them; the live "act as tenant" flow is being rolled out. The audit log and the structural isolation described below are in place today.

How impersonation is controlled

Impersonation is deliberately constrained:

  • Explicit — a grant must be created with a stated reason; there is no silent backdoor into tenant data.
  • Time-boxed — every grant has an expiry, after which it no longer works. Grants can also be revoked early.
  • Audited — both the grant and each use of it are recorded in the audit log.

This means support staff can help when needed, but customer data access is always limited, intentional, and traceable.
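
The three constraints above can be sketched as a small grant model. This is an added example, not ActionConnect's own code: the names ControlPlane, Grant, create_grant, revoke and use_grant are hypothetical, and recording refused uses in the audit log is an assumption beyond what this page states.

```python
from dataclasses import dataclass, field
from datetime import datetime

class GrantError(Exception):
    """Raised when a grant cannot be created or used."""

@dataclass
class Grant:
    staff: str
    tenant: str
    reason: str
    expires_at: datetime
    revoked: bool = False

@dataclass
class ControlPlane:
    audit_log: list = field(default_factory=list)  # append-only in this sketch

    def _audit(self, actor, action, tenant, now, **details):
        self.audit_log.append({"actor": actor, "action": action,
                               "tenant": tenant, "at": now.isoformat(), **details})

    def create_grant(self, staff, tenant, reason, ttl, now):
        # Explicit: no grant without a stated reason.
        if not reason.strip():
            self._audit(staff, "grant.denied", tenant, now, why="missing reason")
            raise GrantError("a reason is required")
        grant = Grant(staff, tenant, reason.strip(), now + ttl)
        self._audit(staff, "grant.created", tenant, now, reason=grant.reason,
                    expires_at=grant.expires_at.isoformat())
        return grant

    def revoke(self, grant, actor, now):
        grant.revoked = True
        self._audit(actor, "grant.revoked", grant.tenant, now)

    def use_grant(self, grant, staff, tenant, op, now):
        # Time-boxed: the grant must match, be unrevoked, and be unexpired.
        why = None
        if (staff, tenant) != (grant.staff, grant.tenant):
            why = "grant does not cover this staff member and tenant"
        elif grant.revoked:
            why = "revoked"
        elif now >= grant.expires_at:
            why = "expired"
        # Audited: every use is recorded (refusals too, an assumption here).
        self._audit(staff, "grant.refused" if why else "grant.used", tenant, now, op=op, why=why)
        if why:
            raise GrantError(why)
        return True
```

The current time is passed in as `now` so that expiry behaviour can be checked deterministically; a grant stops working at the instant it expires, not after it.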

Using impersonation responsibly

  1. Confirm there is a genuine support need that cannot be resolved from the control plane.
  2. Create a grant with a clear reason and the shortest practical expiry.
  3. Do only what is necessary, then let the grant expire or revoke it.
  4. Expect every action to appear in the audit log.

Tips

  • Treat impersonation as a last resort, after control-plane tools.
  • Keep reasons specific so the audit trail is meaningful.
  • Periodically review the audit log for unexpected activity.

ActionConnect documentation — kept in sync with the product as features land.