Multiple Logins Same Time Employee / Manager question on how

To all,

Wondering if anyone has accomplished this or knows of a mod. Currently working on an app and need a way to have a manager log in to a system, but maintain the current user's login. So maybe there is a manager override, which would allow him/her to load a record for an employee.

The problem comes down to access rights and rules (RBAC). Once the user logs in, the user info is set in the system. I would have to have a manager somehow have a secondary login, which would then have the auth system first check if a manager or secondary person is logged in who can access certain information, and then if not, just follow the rules for the current user.

I need to maintain the employee's login to access records directly related to that employee.

I would somehow need the auth system to store a second logged-in user and then have the auth system, when doing a rule check, check if a secondary manager with higher rights can access or see certain information for a page.

I kind of figured a few ways to do this.

  1. Store the current identity in session somewhere and switch the identity.

  2. Temporarily copy rights on successful login to the current user. But that is dangerous (if for some reason the rights do not switch back) and limiting.

The problem in switching the identity is that if I am querying for records based on the current user, they obviously will not show up. If I could have 2 concurrent logins, let RBAC recognize from the 2 current logins who has the highest access rights, but still recognize the original user's identity info.

I want a manager to also log in, which would elevate the rights of the current user, or by recognizing a manager has logged in and applying those rights to the system and disregarding the current user's rights.

Part of the way to accomplish this is to have the manager login and create a new session variable with the identity.

Somehow with the security system I would just need a way on access or role check to query both identities and, if either one has clearance, then proceed. I do not know where in the framework I need to do this.
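
The dual-identity check described in the post, as an added example that is not part of the original post and is not tied to any framework's API. The class names, role names, permission strings and the 300-second override lifetime are all assumptions made for illustration: the employee stays the primary identity for record ownership, the manager is held as a separate expiring override, and every decision granted by the override is logged.

```python
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed role-to-permission table; role and permission names are assumptions.
ROLE_PERMS = {
    "employee": {"record.view_own"},
    "manager": {"record.view_own", "record.view_any", "record.approve"},
}

@dataclass
class Identity:
    user_id: int
    role: str

@dataclass
class AuthContext:
    """Session-scoped holder: the primary login plus an optional, expiring override."""
    primary: Identity
    override: Optional[Identity] = None
    override_expires: float = 0.0
    audit: list = field(default_factory=list)

    def start_override(self, manager: Identity, ttl: float = 300.0, now: Optional[float] = None):
        # Call only after the manager's own credentials have been verified.
        now = time.time() if now is None else now
        self.override, self.override_expires = manager, now + ttl

    def end_override(self):
        self.override = None

    def can(self, permission: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        if self.override and now >= self.override_expires:
            self.end_override()  # fail closed: an expired override is dropped
        if permission in ROLE_PERMS.get(self.primary.role, ()):
            return True
        if self.override and permission in ROLE_PERMS.get(self.override.role, ()):
            # Log who authorized the action and on whose session it happened.
            self.audit.append((now, self.override.user_id, self.primary.user_id, permission))
            return True
        return False

    def owner_id(self) -> int:
        # Queries keyed on "current user" always use the primary identity.
        return self.primary.user_id
```

Because the employee's rights are never modified, there is nothing to switch back when the override ends or expires, which avoids the risk noted for option 2.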