How to setup Proxy feature in OBIEE


To authorize users to act for others, perform the following tasks:
  1. Defining the Association Between Proxy Users and Target Users – Define a Database table
  2. Creating Session Variables for Proxy Functionality – init block to initialize repository session variable
  3. Modifying the instanceconfig.xml File for Proxy Functionality- configuration changes for enabling proxy
  4. Creating a Custom Message Template for Proxy Functionality – custom message that runs the DB query from web
  5. Assigning the Proxy Privilege – Required Privileges for proxy
  1. Create a table in the database where relationship between proxy and target user is defined. Note that this can be different database than the main DW,
Basic requirement is to have a connection pool pointing the database

  1. Create 2 initialization blocks dependent on Authentication that initializes Proxy variable in RPD

  1. Make changes in the instanceconfig.xml file for enabling proxy. For example: (Check presentation admin guide for more info)
<LogonParam>
<TemplateMessageName>LogonParamSQLTemplate</TemplateMessageName>
<MaxValues>100</MaxValues>
</LogonParam>
  1. Create a custommessage.xml file with following content that specifies template for getting target users for a given proxy. Sample file is given below. Note that the query use Execute physical syntax so the connection pool for example, “Paint.Paint” has execute physical flag enabled in the RPD
    <?xml version=”1.0″ encoding=”utf-8″?>
    <WebMessageTables xmlns:sawm=”com.siebel.analytics.web/message/v1″>
    <WebMessageTable translate=”no”>
    <WebMessage name=”LogonParamSQLTemplate”>
    <XML>
    <logonParam name=”RUNAS”>
    <getValues>EXECUTE PHYSICAL CONNECTION POOL paint.paint select targetuserid from Proxy where userid=’@{USERID}’</getValues>
    <verifyValue>EXECUTE PHYSICAL CONNECTION POOL paint.paint select targetuserid from Proxy where userid =’@{USERID}’ and targetuserid=’@{VALUE}’</verifyValue>
    <getDelegateUsers>EXECUTE PHYSICAL CONNECTION POOL paint.paint select userid, proxylevel from Proxy where targetuserid=’@{USERID}’</getDelegateUsers>
    </logonParam>
    </XML>
    </WebMessage>
    </WebMessageTable>
    </WebMessageTables>
This message should be placed in
You can create the custom message template in one of the following files:
The custom message file in the SADATAROOTDIR\web\msgdb\customMessages folder, where
SADATAROOTDIR is the installation directory
A separate XML file named custommessages.xml in the SADATAROOTDIR\web\msgdb folder, where SADATAROOTDIR
is the installation directory
  1. Enable Proxy privilege in the Webcat from Settings->Administration->Manage Privileges and look for proxy and provide access to “Act as Proxy” to specific groups for which proxy should be enabled.
  2. Troubleshooting, if there is any error during Proxy feature use look into SAW log file. It will write some error message there. Also check NQServer.log file.
Labels: