Run as another user

The Pronghorn class has a function called sudo that provides the ability to run a given method using the permissions of a different user. This is an asynchronous function and can only be used to call asynchronous functions.

Access the Pronghorn class

Itential Platform instantiates the Pronghorn class on startup and exposes it as the global pronghorn object. Applications and adapters may reference it directly.

sudo arguments

The sudo method takes three arguments:

Example implementation

1
// Standard user object used for authentication
2
// We will become the user named test
3
const user = {
4
    "username": "test",
5
    "password": "test"
6
}
7
8
// Call to getDevice on an adapter named 'myDeviceAdapter' to get a device named 'ATL0'
9
// Note: even though getDevice expects a callback, it is omitted here
10
const action = {
11
  service: 'myDeviceAdapter',
12
  method: 'getDevice',
13
  parameters: [
14
    'ATL0'
15
  ]
16
}
17
18
// Call the sudo function and provide the callback here
19
pronghorn.sudo(user, action, (result, err) => {
20
  if (err) {
21
    return console.error(null, err)
22
  }
23
  return console.log(result);
24
});

Auditing

When sudo is used, a new session is created in addition to the one calling sudo. The executed method runs under that new session. Since there are two different sessions, there are two separate audit trails. Both the session that called sudo and the sudo session itself are automatically flagged for audit serialization.