Determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access. Typically, only low-level authentication services require this user right. Potential access is not limited to what is associated with the user by default. The calling process may request that arbitrary additional privileges be added to the access token. The calling process may also build an access token that does not provide a primary identity for auditing in the system event logs.
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Act as part of the operating system
SeTcbPrivilege
Privilege Escalation (TA0004)