OBIEE Act as Proxy User Functionality


In this article, I try to explain the concepts of “Act as Proxy”.
One of the very good features of BI EE is its ability to enable proxy functionality for all/some users.
One good example is a manager allowing one of his direct reports to create reports for him. We shall be using two terms here: Proxy User and Target User. You can understand what these two users mean from the diagram below.
image001
Basically, the Proxy User is the user who acts on behalf of other users, i.e. user A can proxy as users B, C and D (the Target Users).
The idea behind this feature is that one user (the Proxy User) can act on behalf of another user (the Target User), so that the Proxy User can edit and manipulate the requests created by the Target User. The Administrator has to assign the proxy permission to the group of people who will act as Proxy Users, and in doing so delegates the permissions. Which Proxy User can access which Target User's reports is determined by the mapping defined in a back-end table. Whatever reports and dashboards the Target User has access to are then visible to the Proxy User.
Sometimes a global Administrator user wants to see the reports of the target users for debugging purposes. In this scenario he/she can assign the Act as Proxy privilege to himself/herself and act as a Proxy User. This is a typical scenario where this feature is suitable.
The steps below walk through the proxy feature:
1) In my case I have built a repository using the Supplier2 schema. Apart from that, I have created a PROXY_TABLE in the database to maintain the relationship between Proxy and Target users, as below.
Create table PROXY_TABLE
(
PROXY_USER varchar(30),
TARGET_USER varchar(30),
ACCESS_TYPE varchar(10)
)
Insert some records in table:
PROXY_USER                     TARGET_USER                    ACCESS_TYP
------------------------------ ------------------------------ ----------
proxyuser1                     targetuser1                    full
proxyuser1                     targetuser4                    restricted
proxyuser2                     targetuser2                    restricted
Here ACCESS_TYPE is a column which takes 2 values: full or restricted. If full access is provided, the Proxy user has edit/read privileges on the Target user's Dashboards/Pages/Reports (the Proxy user himself should also have those read/edit privileges). If restricted access is provided, the Proxy user has only read privileges (provided the Proxy user himself has those privileges).
Then I added that table to my repository.
image004
2) My RPD configuration is as below. I have also created the 5 users shown above in the RPD: ‘proxyuser1’, ‘proxyuser2’, ‘targetuser1’, ‘targetuser2’ and ‘targetuser4’ have been added to the user group ‘Proxy_User_Groups’, and this group has been added under the Administrator group. I also have to create this user group in the Web Catalog so that Act as Proxy can be given to that group only.
image006
image008
3) Now we have to create the Session Initialization Blocks and variables that fetch the target user list based on the logged-in Proxy user.
image010
So I create the Init Block ‘Set runs’, which populates a non-system session variable RUNAS. RUNAS is defined later in the SQL template file and acts as a parameter to that custom logon template file. Since we will pass this variable to the next Init Block, let's populate it using a dummy SQL:
SELECT 'SOMETHING' FROM DUAL
image012
4) Let's initialize a system session variable ‘PROXY’ using the query below and set the proper execution precedence.
SELECT TARGET_USER FROM PROXY_TABLE
WHERE 'VALUEOF(NQ_SESSION.RUNAS)'= TARGET_USER
AND ':USER'= PROXY_USER
image014
5) Initialize the Proxy Level variable as a non-system session variable to define the access type, using the SQL below:
SELECT ACCESS_TYPE FROM PROXY_TABLE
WHERE 'VALUEOF(NQ_SESSION.RUNAS)' = TARGET_USER
AND ':USER'=PROXY_USER
image016
6) Now add the instanceconfig.xml entry below, just before the </ServerInstance> tag:
<LogonParam>
<TemplateMessageName>ProxyLogonParamTemplate</TemplateMessageName>
<MaxValues>200</MaxValues>
</LogonParam>
This ensures that a new message template named “ProxyLogonParamTemplate” can be called; MaxValues specifies the maximum number of users that can be listed under “Act As”.
image018
7) We need to define the custom message template as below and save the file as “ProxyUser.xml” under “..\OracleBI\web\msgdb\customMessages”.
This custom message template for the proxy functionality contains the SQL to get the list of target users that a proxy user can Act As. This list appears in the User box in the Act As dialog box.
image020
8) Now restart the BI Server and the Presentation Server.
9) Using targetuser1, targetuser2 and targetuser4, I have developed two reports. When proxyuser1 logs in, he/she is able to act as targetuser1 and targetuser4 and can see the reports developed by them, but can edit only the report created by targetuser1, because the access_type for targetuser1 is FULL; the report created by targetuser4 cannot be edited, because the access_type for targetuser4 is RESTRICTED. Similarly, targetuser2's report is delegated to proxyuser2, but proxyuser2 is not able to modify targetuser2's reports.
10) Using the Administrator login, go to Manage Privileges and under “Act As Proxy” set the Proxy user group. In my case, I have granted the privilege to “Proxy_User_Groups” and added the members (proxyuser1, proxyuser2) to this group.
image022
image024
11) I have logged in as proxyuser1 and landed on the reports below, which are proxyuser1's own reports, not targetuser1's.
image026
Now click on “Set As” under the Settings link. A small window opens whose drop-down list is populated with ‘targetuser1’ and ‘targetuser4’; it lists as many target users as are defined for the proxy user.
image028
12) Now I clicked “OK” and landed on the report developed by ‘targetuser1’ in his/her own dashboard. As the ‘Edit Dashboard’ option is enabled, you can make any modification here and save the report. The next time ‘targetuser1’ logs into the system, he/she can easily find the changes made by someone else, in this case by the proxy.
image031
13) Now log out from ‘proxyuser1’ and log in as ‘proxyuser2’.
image033
Go to Settings and click on “Set As”. Select ‘targetuser2’ and click “OK”. Now you can see the ‘targetuser2’ dashboard reports.
image035
Now check that the ‘Edit’ option is disabled, since ‘proxyuser2’ has the “restricted” access level defined in PROXY_TABLE.
image39
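The PROXY_TABLE from step 1 has no keys or checks, so a duplicate proxy/target pair or a mistyped ACCESS_TYPE only shows up when the lookups in steps 4 and 5 run. The following is an added example, not part of the original article: it uses SQLite from Python as a stand-in for the Oracle table, and the constraints, the three extra sample rows and the `load`/`resolve` helpers are assumptions made for illustration.

```python
import sqlite3

# SQLite stand-in for the page's PROXY_TABLE, with constraints the page's DDL lacks.
HARDENED_DDL = """
CREATE TABLE PROXY_TABLE (
    PROXY_USER  VARCHAR(30) NOT NULL,
    TARGET_USER VARCHAR(30) NOT NULL,
    ACCESS_TYPE VARCHAR(10) NOT NULL CHECK (ACCESS_TYPE IN ('full', 'restricted')),
    PRIMARY KEY (PROXY_USER, TARGET_USER),   -- one access level per pair
    CHECK (PROXY_USER <> TARGET_USER)        -- no self-delegation rows
)"""

# Constructed sample data: the three rows from step 1, then three bad rows.
ROWS = [
    ("proxyuser1", "targetuser1", "full"),
    ("proxyuser1", "targetuser4", "restricted"),
    ("proxyuser2", "targetuser2", "restricted"),
    ("proxyuser1", "targetuser4", "full"),   # conflicting duplicate of row 2
    ("proxyuser2", "targetuser1", "FULL"),   # value outside full/restricted
    ("proxyuser2", "proxyuser2", "full"),    # self-mapping
]

def load(rows):
    """Insert rows one by one; return (connection, rows the constraints rejected)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(HARDENED_DDL)
    rejected = []
    for row in rows:
        try:
            conn.execute("INSERT INTO PROXY_TABLE VALUES (?, ?, ?)", row)
        except sqlite3.IntegrityError as exc:
            rejected.append((row, str(exc)))
    return conn, rejected

def resolve(conn, proxy_user, run_as):
    """Same predicate as the step 4/5 init blocks, with bound parameters.
    Returns the access type, or None when the pair is not mapped."""
    row = conn.execute(
        "SELECT ACCESS_TYPE FROM PROXY_TABLE WHERE TARGET_USER = ? AND PROXY_USER = ?",
        (run_as, proxy_user),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    conn, rejected = load(ROWS)
    for row, reason in rejected:
        print("rejected", row, "->", reason)
    print(resolve(conn, "proxyuser1", "targetuser4"))
```

Without the primary key, the conflicting `full` row for proxyuser1/targetuser4 would sit beside the `restricted` one, and which access level the step 5 query returns first would be up to the database.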
Hopefully, this article will help you to implement the Act as Proxy Feature.