Impersonation is used in Microsoft Dynamics CRM platform to execute the business logic on behalf of a system user, this includes the custom code execution governed by Microsoft Dynamics CRM security privileges of the impersonated user. Pre-entity and Post-entity images as passed to plug-ins as the execution context on behalf of the impersonated user.
Plug-ins not executed by sandbox or asynchronous service execute under CRMAppPool Identity service account. By default, CRMAppPool uses Network Service account but it can be changed by the administrator. If it is changed then administrator will need to add this identity account to thePrivUserGroup in the Active Directory.
Impersonation during Plug-in Registration
A user can be impersonated during the plug-in registration, administrator can specify a user account to execute the plug-in.
If the plug-in is getting registered programmatically then impersonation can be done by setting the property ImpersonatingUserId to a specific user, web service calls made by the plug-in execute on behalf of the impersonated user.
Impersonation during Plug-in Execution
IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);