What is Proxy User or Act As Function
The Act As or Proxy functionality authorizes a user to Act As another user, Once you are logged into OBIEE dashboards, you can see list of target users in the Act As function. This function is useful to move my dashboard data to shared, check the dashboard look and feel, etc. without having to ask other users.
Steps:
1. Create Proxy Table to associate Proxy ID to Target ID and provide the level of access required.
2. Import the tables to Physical Layer
3. Create Variables
4. Modify Instanceconfig.xml file and
5. Create a Custom Message Template
6. Enable the Proxy Function in Manage Privilege
7. Restart the services
8. Check the Act As Functionality
2. Import the tables to Physical Layer
3. Create Variables
4. Modify Instanceconfig.xml file and
5. Create a Custom Message Template
6. Enable the Proxy Function in Manage Privilege
7. Restart the services
8. Check the Act As Functionality
Key Points
1. The Proxy Id and Target Ids are case sensitive, ensure the same case if these user are coming from RPD or from LDAP or from external Authentication. I have used external DB authentication for this example.
2. The code VALUEOF(NQ_SESSION.RUNAS) should be same case in all variables.
1. Create Proxy Table as below (Ensure these users are part of your users (as per your user configuration from LDAP or RPD)
Import these tables into the physical layer of Admin tool.
3. Create three Session Variables as below
Set_RUNAS
On the Edit Data Source provide as select ‘something’ from dual and on edit data target, create variable as RUNAS (caps)
ProxyBlock
On the edit data source provide the statement as SELECT TARGETID FROM OBIEE_PROXY_USER WHERE ‘VALUEOF(NQ_SESSION.RUNAS)’=TARGETID AND ‘:USER’=PROXYID
And variable as PROXY (caps)
Click on Edit execution precedence and add Set_RUNAS variable.
Proxy Level
On the edit data source provide SELECT PROXY_LEVEL FROM PROXY_TABLE WHERE ‘VALUEOF(NQ_SESSION.RUNAS)’ = TARGETID AND ‘:USER’=PROXYID
On the edit data target as PROXY_LEVEL (caps)
And on the edit execution precedence, add the proxyblock variable.
Ensure there are no errors when you test these variables.
4. Modify Instanceconfig.xml file
Open the file from D:OracleBIDatawebconfig
Add the below code just after the <ServerInstance> and save it
<LogonParam>
<TemplateMessageName>LogonParamSQLTemplate</TemplateMessageName>
<MaxValues>200</MaxValues>
</LogonParam>
Note: LogonParamSQLTemplate is the new template which you will create in the below step, ensure you give the same name for the new template xml file.
200 is the max number of proxy users you can Act as.
5. Create a Custom Message Template
You have to create a custom message template for the proxy functionality to get the list of target users that a proxy user can Act as.
Create a XML file and place this file in \\OracleBIData\web\msgdb\customMessages. Give the name as LogonParamSQLTemplate.xml
Below is an example to create the code
<?xml version=”1.0″ encoding=”utf-8″ ?>
<WebMessageTables xmlns:sawm=”com.siebel.analytics.web.messageSystem”>
<WebMessageTable system=”SecurityTemplates” table=”Messages”>
<WebMessage name=”LogonParamSQLTemplate”>
<XML>
<logonParam name=”RUNAS”>
EXECUTE PHYSICAL CONNECTION POOL SH_Santosh.SH select targetId from OBIEE_PROXY_USER where proxyId=’@{USERID}’
EXECUTE PHYSICAL CONNECTION POOL SH_Santosh.SH select targetId from OBIEE_PROXY_USER where proxyId =’@{USERID}’ and targetId=’@{VALUE}’
EXECUTE PHYSICAL CONNECTION POOL SH_Santosh.SH select proxyId, proxyLevel from OBIEE_PROXY_USER where targetId =’@{USERID}’
</logonParam>
</XML>
</WebMessage>
</WebMessageTable>
</WebMessageTables>
6. Enable the Proxy Function in Manage Privilege
Logon to Dashboard using Administrator user, go to settings – administration – click on manage priviledges.
Search for Proxy and enable it to every one.
7. Restart the Oracle Server and Presentation services.
8. Check the Act As Functionality.
Logon Dashboard using Administrator, click on settings – Act As, you would see the below screen
Click on any of the user and click OK. You would see the dashboards for that person.
You can go stop and can switch to another user.