
Let's say manager_a has permission to view the account of payee_a, so manager_a logs in to payee_a. Inside I have my LWC app, and I am able to get payee_a's email id using

import userEmailFIELD from "@salesforce/schema/User.Email";

But I want manager_a's email id in my app as well. Is there a way I can get the "logged in as" user's email id, either in LWC or in an Apex class?

I tried the AuthSession object in Salesforce, but it's giving me all the email ids in that session, and I want the specific user who is impersonating another user.

R_M_R

1 Answer

Not reliably.

You can use https://salesforce.stackexchange.com/a/222302/799 to detect if there's something fishy going on. And then try querying the SetupAuditTrail table; this could be a good start:

SELECT Id, Action, CreatedBy.Email, DelegateUser, CreatedDate, Display
FROM SetupAuditTrail
WHERE Action IN ('suOrgAdminLogin', 'suOrgAdminLogout')

But I expect it to fail if you're logged in as a non-admin and don't have access to the Trail (for example, no "Customize Application" permission). So it might have to be something you check after the fact, maybe a nightly job that reads the Trail, checks times and flags some records as suspicious?

If you have the event monitoring add-on (standalone or as part of Salesforce Shield), maybe there's an event generated during Login As that you could listen to.

eyescream
  • Thanks for the reply. My use case is to obtain the email id during my app load, which is an LWC app package component. Event monitoring won't work in my case, as I have to display the details in my app based on the logged-in user's email id, so I require the email id to check in my system whether the user has the necessary permissions to view other user details during the app load and display the content accordingly in my app in Salesforce. If this is not possible, may I at least get to know if the logged-in user is not the actual user, if not the email id? – R_M_R Aug 25 '23 at 06:55
  • If they have "login as" power then that's total impersonation as far as your app is concerned. What would you do if the admin was legitimately asked by the user to login as to investigate an error they're seeing? The logged != actual you should be able to pull off; have you checked that link https://salesforce.stackexchange.com/a/222302/799 ? – eyescream Aug 25 '23 at 08:10
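
The after-the-fact check suggested in the answer, sketched as an added example (not code from the answer or from Salesforce): it pairs `suOrgAdminLogin`/`suOrgAdminLogout` rows into Login-As windows and flags records modified inside one. It assumes the query result was exported as a list of dicts; the `Email` key (standing for `CreatedBy.Email`), the `Display` text, the record shape and the two-hour cap for sessions with no logout are all assumptions, and a time overlap only marks a candidate for review.

```python
from datetime import datetime, timedelta

LOGIN, LOGOUT = "suOrgAdminLogin", "suOrgAdminLogout"
FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample rows shaped like the query result (not real audit data).
# "Email" stands for CreatedBy.Email; the Display text is illustrative.
TRAIL = [
    {"Action": LOGIN,  "Email": "manager_a@example.com", "CreatedDate": "2023-08-25T06:00:00Z", "Display": "Login-As: payee_a"},
    {"Action": LOGOUT, "Email": "manager_a@example.com", "CreatedDate": "2023-08-25T06:20:00Z", "Display": "Login-As: payee_a"},
    {"Action": LOGIN,  "Email": "manager_b@example.com", "CreatedDate": "2023-08-25T09:00:00Z", "Display": "Login-As: payee_b"},  # never logs out
]
# Constructed application records to check (hypothetical shape).
RECORDS = [
    {"Id": "rec-1", "ModifiedAt": "2023-08-25T06:10:00Z"},
    {"Id": "rec-2", "ModifiedAt": "2023-08-25T07:00:00Z"},
    {"Id": "rec-3", "ModifiedAt": "2023-08-25T09:30:00Z"},
]

def login_as_windows(rows, max_open=timedelta(hours=2)):
    """Pair each login with the same admin's next logout, in time order.
    A login with no logout is closed after max_open and marked open-ended."""
    windows, pending = [], {}
    def close(start_row, end=None):
        start = datetime.strptime(start_row["CreatedDate"], FMT)
        windows.append({"admin": start_row["Email"], "display": start_row["Display"],
                        "start": start, "end": end or start + max_open,
                        "open_ended": end is None})
    for row in sorted(rows, key=lambda r: r["CreatedDate"]):
        admin = row["Email"]
        if row["Action"] == LOGIN:
            if admin in pending:          # earlier login never logged out
                close(pending.pop(admin))
            pending[admin] = row
        elif row["Action"] == LOGOUT and admin in pending:
            close(pending.pop(admin), datetime.strptime(row["CreatedDate"], FMT))
    for row in pending.values():          # sessions still open at end of data
        close(row)
    return windows

def flag_records(records, windows, time_field="ModifiedAt"):
    """Return (record Id, admin email, open_ended) for records touched in a window."""
    hits = []
    for rec in records:
        ts = datetime.strptime(rec[time_field], FMT)
        hits += [(rec["Id"], w["admin"], w["open_ended"])
                 for w in windows if w["start"] <= ts <= w["end"]]
    return hits
```
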