Sunday, January 13, 2013

How-to: Impersonate or Act As Other Users (e.g. End Users) in OBIEE 11g

In a typical Oracle Business Intelligence (OBIEE) 11g environment, potential defects or data discrepancies arise that will require the production support team to investigate or research the potential issue. A useful way to research the issue is by having the developer 'act as' the specific end user who is encountering the defect, usually by logging in as their account or an account with similar security rights.

For security reasons, the developer or support team is usually never given the end users login credentials so unless they re-create an account with the same privileges, they're unable to 'see what the end user sees'.

In OBIEE 11g Oracle outlines a detailed method for acting as another user through a 'proxy', outlined here .
This process requires pre-configuration and deployment of key tables to facilitate acting as another user, and is not set up 'out of the box'.

Although there is value in setting up the Act As / Proxy functionality (for example, a supervisor wants to delegate some of his work to his direct report), from a development and troubleshooting perspective, impersonation can be achieved with the HTTP header and and the following parameters:


  • NQUser
  • NQPassword
  • Impersonate
For example:
http://hostname:9704/analytics/saw.dll?Logon&NQUser=Administrator&NQPassword=Administrator&Impersonate=usernametoimpersonate

Before you can use this feature, the appropriate privilege must be added to your Administrator role (usually BIAdministrator Application Role):

  • oracle.bi.server.impersonateUser
  • oracle.bi.server.queryUserPopulation

Step 1: Navigate to Application Policies in Fusion Middleware (:7001/em/)

Farm_BIFoundation_domain -> Business Intelligence -> coreapplication -> security -> Application Roles


























Step 2: Add required roles to Administrator's Application Policies

In the obi_ strip, click the edit button for the Administration Application Policies and search for

  • oracle.bi.server.impersonateUser
  • oracle.bi.server.queryUserPopulation


No restart is required. You can now use:
 http://hostname:9704/analytics/saw.dll?Logon&NQUser=Administrator&NQPassword=Administrator&Impersonate=usernametoimpersonate
to act as other end users. You will inherit all application roles as if you were the actual user.






keywords: obiee impersonate, obiee act as, obiee 11g security, obiee 11g answer

2 comments: