M2.0 RC1 - Login As functionality

M2.0 RC1 - Login As functionality

by Bryan Dawson -
Number of replies: 29

Testing moodle 2.0 RC1 is a massive culture shock for somebody who is used to Moodles from 1.4 onwards.  A lot of effort will need to go into making it behave like 1.9 before we can convert our academics to 2.0.

An example of this is the Login As function whereby an Admin can impersonate a user.  This is an essential and frequently used function for us.  So why was it moved to the Course Settings box, when it made perfect sense under the shortform profile display as it is in 1.9?  And why, when you click on your own name to exit the impersonation, does it throw you back to a login screen instead of putting you back at the point where you started the impersonation?

Average of ratings: -
In reply to Bryan Dawson

Re: M2.0 RC1 - Login As functionality

by Joseph Rézeau -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hi Bryan,

Apart from the technical aspect, there are ethical considerations with the Login As Moodle feature. Some years ago that feature was default-enabled on our (university) Moodle site. In my teacher role, I found it quite useful on some occasions (Login As a student to close a Quiz which was finished but student had forgotten to submit it; re-enrol a student who had mistakenly un-enrolled themselves, etc.). One day our admin decided to remove that facility, and we had a heated debate. I finally agreed that - in spite of its practicality in some cases - the impersonation is ethically not defendable, as it can lead to all kind of problems. It's somewhat equivalent to giving someone else your personal password, a practise which is strongly discouraged, for very good reasons.

Joseph

Average of ratings: -
In reply to Joseph Rézeau

Re: M2.0 RC1 - Login As functionality

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hi Bryan,

Regarding being logged out when you click on your own name, I understand this is done for security reasons. If you then login again, it should take you back to where you were.

We could definitely do with improving the UI so that being logged out doesn't come as a shock. Have you any ideas or suggestions? Perhaps a tool tip when you mouse over your own name?

Average of ratings: -
In reply to Helen Foster

Re: M2.0 RC1 - Login As functionality

by Bryan Dawson -

Thanks Helen,

I think a tooltip with a message like 'Log out as other user and log back in as yourself' would explain what would happen without cluttering up the screen.

Like Greg, we use it as an essential support tool, for a limited number of support staff.

But i'm still unclear as to why the Login As functionality was removed from the user profile display (where it make perfect sense - this is who you are going to log in as) to a side block which in some themes could be docked?

Average of ratings: -
In reply to Joseph Rézeau

Re: M2.0 RC1 - Login As functionality

by Manish Verma -

Hi,

This is in response to ethical consideration point. The server administrator can find out all login details of any user including the password I believe (please correct me if I am wrong). The person is considered to be responsible enough to have this capability. If teacher(s) is(are) not considered responsible enough for his/her(their) own students then who else? If a particular teacher is not responsible enough then a different role can be created for him/her without this functionality. Same applies to a group of teachers if desired.

Besides this, in case a student finds anything wrong with his/her account, he/she can report this to the school and investigation can be done and the admin can check if there was any inappropriate access.

Manish.

Average of ratings: Useful (1)
In reply to Manish Verma

Re: M2.0 RC1 - Login As functionality

by Mark Johnson -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just to clarify, passwords are stored using a 1-way hash, the administrator has no way of finding out a user's password.

Average of ratings: Useful (1)
In reply to Joseph Rézeau

Re: M2.0 RC1 - Login As functionality

by Greg Scales -

Joseph; I cannot disagree more. Our helpdesk personnel routinely use this feature to "see what the student sees". Without the feature, the helpdesk people would in essence be unable to perform their duties. In order to "see" what the student is calling in about, the helpdesk person would have to login as the student, requiring not only the userid, but the password as well. That is a far more serious security breech than logging in as the student, as now the student's password is compromised, and perhaps his/her password scheme.

I can understand disabling Login As by default, but to eliminate the functionality, in my opinion, is going to seriously hamper the viability of the product.

Average of ratings: -
In reply to Joseph Rézeau

Re: M2.0 RC1 - Login As functionality

by James D -

I disagree in regard to Login As being ethically indefensible. If the system correctly logs a users actions - including while they are impersonating another user - there is no ethical dilemma. If you do something unethical then you will get caught because your actions have been logged.

The real unsolvable ethical dilemma is when and IT person can gain access to a users credentials - via direct access to the database - and truly impersonate them using the users actual credentials.

Not to mention the ability to access, edit, or delete logs etc. to cover their tracks.

There should be an implied level of trust for an IT person, but there should also be for users with higher privileges that have Login As capability.


We have had this discussion many times at our institution and it is a battle that still rages between IT's concern for security, and the needs of support staff to troubleshoot issues.

Average of ratings: Useful (1)
In reply to James D

Re: M2.0 RC1 - Login As functionality

by Richard Oelmann -
Picture of Core developers Picture of Plugin developers Picture of Testers

Agree - we run two different systems currently. Moodle has this function and the number of support calls my team gets where we can click 'log in as' and see exactly what is happening and resolve it there and then is a direct contrast to the other system where this function is only available to one member of the development/system technical staff and similar support calls end up with us telling a member of staff they'll have to come in to see us (or us go and see them - either way its an issue across 5 campuses!) so we can see what is happening when they log in. 10 minutes to resolve in Moodle, 3-4 days at least to resolve in the other system, assuming diaries and locations can be tied up even then.

While there are ethical considerations, to say that this feature is 'ethically indefensible' is far too strong and if there are such significant concerns around the staff involved as to result in blocking this feature then I would suggest there are bigger issues of trust and professional responsibility within the institution. Proper logging, identifying who (really who) has done what and from what IP address should be sufficient to enable any inappropriate actions to be tracked and disciplinary processes to be invoked if such unethical actions ever are suspected.

Average of ratings: -
In reply to Richard Oelmann

Re: M2.0 RC1 - Login As functionality

by James McLean -

But it's all a bit late to discuss now, the thread was started in 2010 smile

Average of ratings: -
In reply to James McLean

Re: M2.0 RC1 - Login As functionality

by Richard Oelmann -
Picture of Core developers Picture of Plugin developers Picture of Testers

Ha thanks James - I didn't spot that, just responded to the other James, You're quite right! smile

Average of ratings: -
In reply to Bryan Dawson

Re: M2.0 RC1 - Login As functionality

by David Mudrák -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Plugins guardians Picture of Testers Picture of Translators

And why ... does it throw you back to a login screen instead of putting you back at the point where you started the impersonation?

There is a strong security related case that student could gain teacher's or even admin's rights when the auto-returning feature would be still available. The development team decided to go the lesser evil way and therefore now the relogin is required after masquerading. We were aware of the usability drawback but please believe it was done for really good reasons and it is protecting your site.

Average of ratings: -
In reply to David Mudrák

Re: M2.0 RC1 - Login As functionality

by Joseph Rézeau -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Thanks for the info, David.

Average of ratings: -
In reply to Joseph Rézeau

Re: M2.0 RC1 - Login As functionality

by Petr Skoda -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers
If Moodle was a banking software we would have to log out user and force them to close the browser completely...
Average of ratings: -
In reply to David Mudrák

Re: M2.0 RC1 - Login As functionality

by Leandro Vilante -

Hi everyone

This may happen if someone leave the computer while logged in, doesnt matter if using that functionality or not. In either way the fault is of the administrator not of the system, and i believe the programmers could let it as it was at versions 1.9.x.

The ethical reasons seems more justifying, but as Manish said, if someone is an administrator is because it is also responsible, and if a pointed problem appears, the consequences shall come to him/her, soon or later.

Leandro

Average of ratings: -
In reply to Leandro Vilante

Re: M2.0 RC1 - Login As functionality

by Rob Monk -

Moodle is not a bank.

Our humble high school is not a high stakes University. 

I want my teachers to be able to login as a student and not only see the course they teach but all courses the student is enrolled in. 

This is particularly important for our "Learning Group" teachers. They have a pastoral role with students. They need to be able to see exactly what is going on with a student across all courses. Logging in as the student is the quickest and most accurate way to do this. 

How do I set up this via roles?

It must be able to be done because, as an admin, I'm able to log in as any student. How do I give this power to my teachers. 

Average of ratings: -
In reply to Rob Monk

Re: M2.0 RC1 - Login As functionality

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

I think you could possibly do this by creating a site wide role based on the teacher and giving them the loginas facility (though I haven't tried it myself so can't guarantee itsmile) Make a new role via Settings>Site administration>user>permissions>define roles. Base it on the teacher role and make sure it  has "system" checked in the context section. Then edit it and search for "loginas" and check the box to allow this facility for this role. You would then have to manually assign this role to just your Learnig group of teachers.

However, I agree with those in the earlier thread who questioned the morality (and security) of being able to log in as others. I am based in a regular secondary school too and only admins can "log in as.."We might possibly consider the mentor(parent) role if we needed to do the same as you. Have you thought of that?

Average of ratings: -
In reply to Mary Cooch

Re: M2.0 RC1 - Login As functionality

by Rob Monk -

We did this already. All our teachers are assigned the role of Rubric Sharer at the system level. ( So they can share rubric templates). We tried to add the login as permission to this role but it still only works for admins. 

Average of ratings: -
In reply to Rob Monk

Re: M2.0 RC1 - Login As functionality

by Itamar Tzadok -

You also need to consider that login as sessions record in the log actions the student did not actually do. For instance, if the teacher logged in as the student enters an activity/resource the student did not enter, the log will show that the student entered that activity/resource. This may distort later analyses of the student's actions. smile

Average of ratings: -
In reply to Itamar Tzadok

Re: M2.0 RC1 - Login As functionality

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

Indeed -see MDL-34445

Average of ratings: -
In reply to Mary Cooch

Re: M2.0 RC1 - Login As functionality

by ben reynolds -

I'm in a totally distance ed environment. We give teachers the capability to login as so that, when a student's file upload to an assignment fails, the teacher can upload the file logged in as the student.

We also use login as to troubleshoot tech issues that are peculiar to that user. Usually, it's an IE browser issue.

We also, as Joseph noted above, use login as to close quizzes left unsubmitted by students.

Itamar is correct that login as can distort user behavior, for example by uploading the same file several times, but, in my experience not all actions are recorded (at least, not in logs viewable by teachers) for the person logged in as.

There may be ethical issues with login as, but, IMO, they are more theoretical than practical. I've been hiring teachers since the 80's, and I've not yet managed to hire a psychopath who intentionally damaged a student's record (for example, by posting lies to a forum). I like to believe that I would recognize someone like that in the hiring process.

Average of ratings: -
In reply to ben reynolds

Re: M2.0 RC1 - Login As functionality

by James D -

I understand the practicality of having that ability, but it is in no way theoretical as to the problems it can cause. I would hope that we would all recognized people like that before we allow them into our organization. However, I have yet to hear of anyone wearing their "I am a psycho" t-shirt to an interview. The whole reason we have passwords and locks on our doors is because someone has abused that access in the past and steps have been taken to set boundaries. One day a student may claim they have submitted something and it was changed, deleted, or something else when it never happened, but since an administrator had logged in at some point there is no way to definitively prove who did it. I like the idea of having the log reflect the change was from an administrator rather than the actual student.

Average of ratings: -
In reply to James D

Re: M2.0 RC1 - Login As functionality

by Chris Pangelinan -

I agree! With almost 20 years of system administration experience, I understand that there are always reasons to have features like this and reasons not to have it. There will always be proponents for either side. However, failure to take actions to prevent potential violations is considered negligence. You can't control users or their motivations. You can't predict accidents. But, you can't assume that nothing bad would ever happen (intentional or not). If there is a risk, it has to be addressed. Not all institutions that use Moodle are lucky enough to always have low- to no-risk users, regardless of the size of their institution.

In the case of Teachers logging in as Students, I completely understand the benefits of this. It would even help to take the load off of support personnel. But, we've had students file suit against our institution claiming that a teacher doctored their submissions and played the racial discrimination card. I also personally know Teachers that I would not trust to be fair. The threat of a Teacher logging in as a student with malicious intent is real... especially at the higher ed level. The threat of a student making false claims against a Teacher is real, as well.

From the system admin point of view, you don't have to completely disable the "login as" feature as long is there is an audit trail that allows you to clearly distinguish which actions were taking by which user. In addition, Teachers would need to be made aware that all of their actions are logged and attributed to them (even when logged in as a student). This is not only to let them know that they can't hide anything, but also to let them know that there are logs to help protect them from false claims from students. Furthermore, Students would need to be made aware that Teachers have the ability to login as them. Otherwise, students will have some expectation of privacy and then we could have some legal liabilities. So, you can still prevent malicious activities via the "login as" feature through deterrence rather than through removal of the feature.

Can someone from HQ jump in to explain how an audit trail like this might exist in Moodle and who would be able to access reports to show "login as" activities?

Average of ratings: -
In reply to Chris Pangelinan

Re: M2.0 RC1 - Login As functionality

by ben reynolds -

Umm, did this topic just get moved? It came to my email as being in Testing Q&A.

Average of ratings: -
In reply to ben reynolds

Re: M2.0 RC1 - Login As functionality

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Ben, you are correct - the discussion was moved from the Testing and QA forum, since 'log in as' is no longer new functionality. Discussion thread subscribers are kept when a thread is moved.

Average of ratings: -
In reply to ben reynolds

Login As functionality in 2.5 ?Where?

by Dot Waterhouse -

This is still an issue in Version 2.5

As admin for my Organisation I am leaping from 1.9 to 2.5 and this function is vital for how my organisation uses Moodle.

In my test site:

  1. I have looked in the Course Admin and can't see how to do it there as was suggested in the first post.
  2. I have set the 'login as' permission for myself as the administrator - in the system context but can't find a 'login as' link anywhere
  3. I have done the same for a teacher role and still can't find a 'login as' link anywhere

Has this option been completely blocked in 2.5?

 

Average of ratings: -
In reply to Bryan Dawson

Re: M2.0 RC1 - Login As functionality

by Lindy Klein -

We've recently upgraded to Moodle 2.7, and have noticed that when using login as a student, we can no longer see the Change password link in the Administration block under User profile, and when editing profile, can no longer see the field to change the user's password.

 

Personally, I think this is a useful setting, but I can't find a discussion of it on the forums or in the tracker.  I looked through the 587-odd tracker issues addressed by the 2.7 upgrade, but couldn't see mention of it there.

 

Has anyone else experienced this issue?  Can anyone from HQ confirm this is intended Moodle behaviour (and if so - thank you, seems a good security feature!)?

 

All the best,

 

Lindy

Average of ratings: -
In reply to Bryan Dawson

Re: M2.0 RC1 - Login As functionality

by James D -

The reasons for logging you out after impersonating another user has to do with how some systems manage sessions. If you were to go back to your starting point but keep the same session, there could be problems or implications of crossover with your actions in the other users account. Forcing you to log out and log back in ensures that a new session has started and there can be no crossover.

Average of ratings: -
In reply to Bryan Dawson

Re: M2.0 RC1 - Login As functionality

by SKT Themes -

Awesome discussion. some days ago I have forgave my password. and trying to recover it. but its not recover. 

Average of ratings: -