Tip #1167: Impersonation does not grant extra powers

Anonymous mask

I did write before about impersonating users. It’s a very straightforward “manoeuvre” and is commonly used when there is a service account (could be either non-interactive user or, better, application user) that needs to act as a specific user. There is even a built-in role Delegate which contains an absolute minimum set of privileges required […]