It's possible to "simulate" a user using the master key? I would like this feature to test what the user can really see in the application and verify that he does not have access to some part of it etc.
Is this possible without knowing the password of the user?
If you want to test how user, roles, and permissions work, a simple way to do it is to make command line REST requests against the parse-server. Here's the guide.
You should be able to go into your parse dashboard and locate a user, look at their session token and then use that in queries to simulate that user's permissions.
With a session token, you can query objects in parse like this:
$ curl \
-X GET \
-H 'X-Parse-Application-Id: ABC123 \
-H "X-Parse-Session-Token: r:XXXXXX" \
-H "Content-Type: application/json" \
https://cloud.so.good/parse/classes/Product
For a complex system, you'll want to cover your cloud code to ensure that all is working as expected. A good place to start would be with parse-server's extensive test coverage, including ACL's
You can create a Parse.Session object for the particular user, setting the user and expiresAt fields. You creating the object, get the sessionToken key from the object.
Then for any request you are trying to make, you will set the X-Parse-Session-Token header to be the value of the session token.
