can an administrator impersonate a user, i.e. open the user's dashboard as if it was the user? (without having the user's password)can that be done using some API calls or other ways?
no it is not possible with the current security design imposed by Java EE.we are going to work soon on security redesign, that's certainly a valid use case we will take in account.
Retrieving data ...