Yes, such a functionality can be problematic, but sometimes there is no other way, so it might be necessary.
Some examples:
- On Unix/Linux, this functionality exists (
su - <username>
, which gives the same result as logging in as that user, but requires no password for root)
- the application I work on also has this, and it's essential for debugging problems with a user's personal settings (of which our app has many)
As pointed out, if complex settings depend on the logged-in user (environment vars, paths, personal settings in an application) there is often no other practical way to debug a user's problem.
As for logging / auditing: Use of this functionality should of course be logged. Other than that, you'll have to trust your admin not to abuse it. But that is valid for admins in general.
If you need to restrict your admins more, you need some kind of MAC (mandatory access control) system, w/o a "true" admin. That is possible, but much more complicated, so it's a tradeoff.