After creating a record using a Connect action, such as Create Incident, the agent is logged out and switched to the guest account.

1. Remove end-user access to sys_user records using a before query Business Rule, so that the end user cannot impersonate back to the agent.
2. Initiate a connect support conversation between the agent and the end user.
3. As the agent, use the create incident connect action.
4. Fill out the mandatory fields and submit the record.

Observe the record is submitted, but you cannot send any more messages, and if you refresh you are logged in as the guest user. The backend code which causes the agent to impersonate the end user to check some permissions and then impersonate back to himself and if the end user of the conversation cannot see the sys_user record for the agent, he cannot impersonate back. When this happens we default to the guest account.

This issue was fixed in Jakarta. The workaround on earlier releases was to disable or edit any Before Query Business Rule on the sys_user table, so that end users can see the agent records, and are able to impersonate back.