For security reasons, the developer or support team is usually never given the end users login credentials so unless they re-create an account with the same privileges, they're unable to 'see what the end user sees'.
In OBIEE 11g Oracle outlines a detailed method for acting as another user through a 'proxy', outlined here .
This process requires pre-configuration and deployment of key tables to facilitate acting as another user, and is not set up 'out of the box'.
Although there is value in setting up the Act As / Proxy functionality (for example, a supervisor wants to delegate some of his work to his direct report), from a development and troubleshooting perspective, impersonation can be achieved with the HTTP header and and the following parameters:
- NQUser
- NQPassword
- Impersonate
For example:
http://hostname:9704/analytics/saw.dll?Logon&NQUser=Administrator&NQPassword=Administrator&Impersonate=usernametoimpersonate
Before you can use this feature, the appropriate privilege must be added to your Administrator role (usually BIAdministrator Application Role):
- oracle.bi.server.impersonateUser
- oracle.bi.server.queryUserPopulation
Step 1: Navigate to Application Policies in Fusion Middleware (:7001/em/)
Farm_BIFoundation_domain -> Business Intelligence -> coreapplication -> security -> Application Roles
Step 2: Add required roles to Administrator's Application Policies
In the obi_ strip, click the edit button for the Administration Application Policies and search for
- oracle.bi.server.impersonateUser
- oracle.bi.server.queryUserPopulation
No restart is required. You can now use:
http://hostname:9704/analytics/saw.dll?Logon&NQUser=Administrator&NQPassword=Administrator&Impersonate=usernametoimpersonate
to act as other end users. You will inherit all application roles as if you were the actual user.
keywords: obiee impersonate, obiee act as, obiee 11g security, obiee 11g answer
great article.Tq
ReplyDeleteThis comment has been removed by the author.
ReplyDelete