Translate

Thursday, 11 February 2016

OBIEE 12c Impersonation of a User Impersonate


OBIEE 12c Impersonation of a User ( Impersonating User)

When Testing OBIEE 12c security you sometimes want to login as another user from your ldap with the roles assigned in the EM. 


The  "oracle.bi.server.impersonateUser" permission does not exist anymore in 12c as it did in OBIEE 11g..... 


To create a user or app role with permission to impersonate, create a permission grant using the ResourceType "oracle.bi.user", with a name of "*" and an action of "impersonate".

These are the steps to achieve this:


Connect to EM for your Oracle BIEE instance using an admin account.



















Click on the Weblogic Domain drop down, select “Security” and then “Application Policies”



Create a new application security grant


















Click on the create button in this screen.



Create Application Grant



















Click on +Add on the Permissions section


















Select “Resource Types” radio button
Select “oracle.bi.user” in the Resource Type drop down
Hit the continue button for this dialog



Add permission

















Type “*” in the Resource Name box
Select “impersonate” in the Permission Actions check box
Hit select


Add a new Grantee

Hit the +Add on the Grantee section
















You can choose to grant the newly created Permission to either an application role or user. In this document, I choose user .. weblogic...
Select “User” in the drop down
Select “Includes ” for Principal Name dropdown … and type * into the box
Hit the “>“ for the dialog. You will get the list of uses ..






















Select the user you want to give the permission to (in my case I used weblogic) and hit OK.
Hit “ok” on the “Create Application Grant” page.


Login to OBIEE as weblogic or your admin user and refresh the metadata and files. Or alternatively just bounce all servers ie .. weblogic servers... services...

Then try the Impersonate URL: It will work without bouncing but i noticed it started working adter around 10 minutes ... or just keep trying the URL... It will work as i have tested it...


So useful when testing Security in OBIEE 12c.


Over and Out .. Shahed M









1 comment:

  1. Does this work with Light weight SSO from OBIEE 12.2.1.3?

    ReplyDelete

Google Big Query Clone / Copy DataSets / Tables - PROD --> TEST --> DEV Projects

Google Big Query Cloning of Datasets & Tables across GCS Projects. We searched the internet and could not find a simple cloning / ...