OBIEE 12c Impersonation of a User ( Impersonating User)When Testing OBIEE 12c security you sometimes want to login as another user from your ldap with the roles assigned in the EM.
The "oracle.bi.server.impersonateUser" permission does not exist anymore in 12c as it did in OBIEE 11g.....
To create a user or app role with permission to impersonate, create a permission grant using the ResourceType "oracle.bi.user", with a name of "*" and an action of "impersonate".
These are the steps to achieve this:
Connect to EM for your Oracle BIEE instance using an admin account.
Click on the Weblogic Domain drop down, select “Security” and then “Application Policies”
Click on the create button in this screen.
Select “Resource Types” radio button
Select “oracle.bi.user” in the Resource Type drop downHit the continue button for this dialog
Type “*” in the Resource Name box
Select “impersonate” in the Permission Actions check box
Add a new Grantee
Hit the +Add on the Grantee section
You can choose to grant the newly created Permission to either an application role or user. In this document, I choose user .. weblogic...
Select “User” in the drop down
Select “Includes ” for Principal Name dropdown … and type * into the box
Hit the “>“ for the dialog. You will get the list of uses ..
Select the user you want to give the permission to (in my case I used weblogic) and hit OK.
Hit “ok” on the “Create Application Grant” page.
Login to OBIEE as weblogic or your admin user and refresh the metadata and files. Or alternatively just bounce all servers ie .. weblogic servers... services...
Then try the Impersonate URL: It will work without bouncing but i noticed it started working adter around 10 minutes ... or just keep trying the URL... It will work as i have tested it...
So useful when testing Security in OBIEE 12c.
Over and Out .. Shahed M