For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationAPI referenceRelease notes
DocumentationAPI referenceRelease notes
  • Platform On-Prem
    • Overview
    • Navigate
    • Search resources
      • Adapter API routes
      • Adapter degraded status
      • Broker principal config setting
      • Enumerations in applications
      • Event system
      • Events
      • Log class
      • Naming conventions
      • Public and trusted methods
      • Run as another user
      • Service brokers
      • Service config property encryption
      • Serving UI directories
      • Table control
  • Apps
    • FlowAI
    • Itential Automation Gateway
  • Resources
    • Itential Academy
    • Version lifecycle
    • Itential MCP
    • Accessibility conformance
    • Get support
    • FAQs
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • Access the Pronghorn class
  • sudo arguments
  • Example implementation
  • Auditing
Platform On-PremDeveloper guide

Run as another user

Was this page helpful?
Previous

Service brokers

Next
Built with

The Pronghorn class has a function called sudo that provides the ability to run a given method using the permissions of a different user. This is an asynchronous function and can only be used to call asynchronous functions.

Access the Pronghorn class

Itential Platform instantiates the Pronghorn class on startup and exposes it as the global pronghorn object. Applications and adapters may reference it directly.

sudo arguments

The sudo method takes three arguments:

ArgumentDescription
userDataA JavaScript object that varies based on the implementation of your installed AAA adapter. This value should match the object passed to the login API.
actionA JavaScript object representing the method to be called. It contains three keys: service (a string — the unique name of the application or adapter where the method resides), method (a string — the name of the method), and parameters (an array of parameters passed to the function, excluding the callback).
callbackA callback method called with the result of the executed method.

Example implementation

1// Standard user object used for authentication
2// We will become the user named test
3const user = {
4    "username": "test",
5    "password": "test"
6}
7
8// Call to getDevice on an adapter named 'myDeviceAdapter' to get a device named 'ATL0'
9// Note: even though getDevice expects a callback, it is omitted here
10const action = {
11  service: 'myDeviceAdapter',
12  method: 'getDevice',
13  parameters: [
14    'ATL0'
15  ]
16}
17
18// Call the sudo function and provide the callback here
19pronghorn.sudo(user, action, (result, err) => {
20  if (err) {
21    return console.error(null, err)
22  }
23  return console.log(result);
24});

Auditing

When sudo is used, a new session is created in addition to the one calling sudo. The executed method runs under that new session. Since there are two different sessions, there are two separate audit trails. Both the session that called sudo and the sudo session itself are automatically flagged for audit serialization.