We have a Box Co-Admin account with the following permissions enabled:
-
Manage Users
-
Manage Groups
-
View Users' Content
-
Edit Users' Content
-
Log into Users' Account
The Co-Admin can successfully impersonate regular managed users using the As-User API.
The same Co-Admin can also view another Co-Admin's files and folders through the Content Manager functionality in the Box Admin Console.
However, when attempting to access the other Co-Admin's content using the As-User header, the API returns HTTP 403 Forbidden.
Questions:
-
Is Co-Admin to Co-Admin impersonation supported through the As-User API?
-
Is the 403 response expected behavior?
-
If Content Manager can view another Co-Admin's content, is there a public API equivalent to Content Manager?
-
Is there a supported way to programmatically access another Co-Admin's content for migration purposes?
Any documentation references would be appreciated.