Thursday, March 28, 2013

[OBIEE 11g] Impersonate Or Act As Other Users

 
 


Impersonate or Act As Other Users in OBIEE 11g




In a typical Oracle Business Intelligence (OBIEE) 11g environment, potential defects or data discrepancies arise that will require the production support team to investigate or research the potential issue. A useful way to research the issue is by having the developer 'act as' the specific end user who is encountering the defect, usually by logging in as their account or an account with similar security rights.

For security reasons, the developer or support team is usually never given the end users login credentials so unless they re-create an account with the same privileges, they're unable to 'see what the end user sees'.

In OBIEE 11g Oracle outlines a detailed method for acting as another user through a 'proxy', outlined here .

This process requires pre-configuration and deployment of key tables to facilitate acting as another user, and is not set up 'out of the box'.

Although there is value in setting up the Act As / Proxy functionality (for example, a supervisor wants to delegate some of his work to his direct report), from a development and troubleshooting perspective, impersonation can be achieved with the HTTP header and and the following parameters:


  • NQUser
  • NQPassword
  • Impersonate



For example:


http://hostname:9704/analytics/saw.dll?Logon&NQUser=Administrator&NQPassword=Administrator&Impersonate=usernametoimpersonate


Before you can use this feature, the appropriate privilege must be added to your Administrator role (usually BIAdministrator Application Role):

  • oracle.bi.server.impersonateUser
  • oracle.bi.server.queryUserPopulation




Step 1: Navigate to Application Policies in Fusion Middleware (:7001/em/)



Farm_BIFoundation_domain -> Business Intelligence -> coreapplication -> security -> Application Roles








Step 2: Add required roles to Administrator's Application Policies

In the obi_ strip, click the edit button for the Administration Application Policies and search for

  • oracle.bi.server.impersonateUser
  • oracle.bi.server.queryUserPopulation






No restart is required. You can now use:


 http://hostname:9704/analytics/saw.dll?Logon&NQUser=Administrator&NQPassword=Administrator&Impersonate=usernametoimpersonate


to act as other end users. You will inherit all application roles as if you were the actual user.







Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)