As an admin I need to be able to become any user so as to see exactly what they are seeing.

I would be in favor of this if it was a READ/ONLY ability, otherwise there are DB integrity issues for review comments and signatures.

I think I'd go the other way from ssmorgan -- I'd like the admin to be able to do pretty much anything so we can make the tool conform to us rather than the other way around.

I believe it's important that the impersonate option allow full-access to the user account.  There is no reason the system can't set a flag that the user is being impersonated and note that in any changes to a review.    "Action taken by <username>(impersonated by admin <adminname>)"