TAGS

Recent Posts

Archives

Impersonating Users in Oracle Business Intelligence Enterprise Edition (OBIEE) to Test Security
Posted on September 21, 2016
Author: Doug Ross, Performance Architects

Oracle Business Intelligence Enterprise Edition (OBIEE) provides the capability to impersonate another user by adding some parameters to the URL when connecting to the presentation server in order to help debug user issues.  Two permissions must be added using “Enterprise Manager” to the “BI Administrator” application policy in order to enable this capability.

The steps are as follows:

  1. Log into Enterprise Manager and navigate to the Business Intelligence “coreapplication” panel.
  1. Click on the “Business Intelligence Instance” drop down and select “Application Policies.”
  1. Click on the “Application Stripe” drop down and select “obi.” Then, click on the right arrow button at the end of the “Name” line to display all “Application Policies.”  Scroll to find “BI Administrator” and click the “Edit” button.
  1. In the “Permissions” section at the bottom of the page, click on the “Add” button.
  1. We will be adding two permissions using the same technique: “oracle.bi.server.impersonateUser” and “oracle.bi.server.queryUserPopulation.” When the “Add” button is clicked, the pop-up window will look like this:
  1. Fill in one of the new permission names into the “Starts With” box and click the right arrow button to execute. The search results will then show the new permission. Click on the resulting row in the search results, and then click the “Continue” button at the bottom to proceed.  You must click on the row before clicking continue or it will not work correctly.
  1. The following window should be displayed. Click the “Select” button to proceed with adding the permission.
  2. The new permission has now been added to the “BI Administrator” application policy.
  3. Repeat steps 4-8 for the other permission: “oracle.bi.server.queryUserPopulation.”
  1. The changes in Enterprise Manager are applied immediately and no restart of any of the services is required.
  2. Now, any user who has been assigned to the “BI Administrator” application policy can impersonate another user. This is accomplished by adding parameters to the OBIEE login URL that include your username and password and the username of the user to impersonate.   For example:

p3dbwhdev.acme.com:9704/analytics/saw.dll?Logon&NQUser=dcr29&NQPassword=YourPasswordHere&Impersonate=mam682

When you use this URL and it logs in successfully, you will initially see just a blank screen.  You then have to navigate to the home screen by putting in the following URL:

http:// p3dbwhdev.acme.com:97049704/analytics/saw.dll?bieehome&startPage=1

Notice that after logging in, the username should display the impersonated user in the upper right.

Note: when entering passwords into the impersonation URL, replace any special characters like @, %, & with their ASCII equivalent.

Example:  %25 = %

%64 for @

(ASCII chart here:  http://www.ASCIItable.com/)

So a password of Abc@%123 would be entered as:

p3dbwhdev.acme.com:9704/analytics/saw.dll?Logon&NQUser=dcr29&NQPassword=Abc%64%25123&Impersonate=mam682

 

Share
© Performance Architects, Inc. and Performance Architects Blog, 2006 - present. Unauthorized use and/or duplication of this material without express and written permission from this blog's author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Performance Architects, Inc. and Performance Architects Blog with appropriate and specific direction to the original content.

Leave a Reply

Your email address will not be published. Required fields are marked *