The impersonation plugin lets users switch to a limited identity with permissions restricted to a single group to which the user already belongs. This feature would not normally be useful, however with the Authorize Project Plugin this feature can become quite useful.
Ordinarily we do not want jobs for a specific project from running as a user in that specific project... as if the user leaves the project their credentials may be broken... much better to run the job as a group identity.
The issue with using a group identity, however, is that it is not easy to manage the credentials store of that group identity, or to perform other operations that are restricted to the user that the job runs as.
By using the impersonation plugin we can downgrade our current sessions permissions to the restricted set of the group identity and achieve these goals.
See http://www.youtube.com/watch?v=LmByy0IGt3c for a brief demo