SlideShare a Scribd company logo

Oracle BI EE - Act As

Rick Brobbel
Rick Brobbel

Oracle BI EE has a nice feature, called Act As. Setting this up and applying is a techy trick, where (as usual) the devil is in the details and (as usual) the Oracle Documentation has room for improvement. This document describes it to the letter.

Technology
1 of 13
Download to read offline
Oracle BI EE JDE Cadran – Accelerate Act As Date: 25-11-2015 Author: Rick Brobbel Last Edited: Rick Brobbel Cadran Consultancy b.v. Project: Oracle BI EE Subject: Act As Version: v98
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 2 of 13 Subject : Act As Date : 25-11-15 1 Table of Contents 1 Act As.....................................................................................................................................32 1.1 Implementation .......................................................................................................................33 1.2 Temporary Delegation...........................................................................................................124 5
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 3 of 13 Subject : Act As Date : 25-11-15 Oracle BI EE - JDE Cadran - Accelerate – Act As 1 Act As Act As is used for impersonating users for reviewing and testing permissions and privileges and can be used for (temporary) delegates (i.e.1 during holidays) or for smaller organizations that want to enforce pure segregation of duties.2 Reference to the Oracle Documentation that was used for this: Oracle Docs.3 For this configuration the devil is in the details. Follow below instructions to the minute letter. 4 1.1 Implementation Step Print Remarks Create a database table with the information Proxy Level must be small caps. User IDs are case sensitive. When you enable a user to be a proxy user, you also assign an authority level (called the proxy level). The proxy level determines the privileges and permissions granted to the proxy user when accessing the catalog objects of the target user. The following list describes the proxy levels: · restricted — Permissions are read-only to the objects to which the target user has access. Privileges are determined by the proxy user's account (not the target user's account). For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user cannot access Answers. · full — Permissions and privileges are inherited from the target user's account. For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user can access Answers.
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 4 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks The data in this table is case sensitive, so beware that · users are entered exactly as they are stored in WLS or MSAD · levels must be small caps · dates must be numeric as type date does not work Repository Metadata Physical Layer When setting up and changing setup make sure this table is not cacheable. Repository Session Variables See details below
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 5 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Create Repository Session Variable called Proxy to be populated by Initialization Block called ProxyBlock This Initialization Block sets the value of the variable ProxyBlock, which selects the Target User that can then be used in the Web Catalog. SELECT TARGETID FROM VALUEOF(OBI_REPOS_USER).ACTAS WHERE UPPER(PROXYID) = UPPER(':USER') AND UPPER(TARGETID) = UPPER('VALUEOF(NQ_SESSION.RUNAS)') AND TO_NUMBER(TO_CHAR(SYSDATE,'YYYYMMDD')) BETWEEN DATEFROM AND DATETHRU The content of these SQL statement is not in line with the documentation. They were the outcome on the support by Oracle in assistance with SR 3-9403695961 (see known issues below) - Solved The effective period can be used for temporary delegates. See next paragraph.
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 6 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Create Repository Session Variable ProxyLevel This Initialization Block sets the value of the variable ProxyLevel, which selects the level that the delegate user can act on (Full or Restricted). SELECT PROXYLEVEL FROM VALUEOF(OBI_REPOS_USER).ACTAS WHERE UPPER(TARGETID) = UPPER('VALUEOF(NQ_SESSION.RUNAS)') AND UPPER(PROXYID) = UPPER('VALUEOF(NQ_SESSION.RUNASORIGUSE R)') The content of these SQL statement is not in line with the documentation. They were the outcome on the support by Oracle in assistance with SR 3-9403695961 (see known issues below) - Solved This statement does not require the effective period. This is only needed in the Proxy Block.
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 7 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Edit the instanceconfi g.xml Add code: <LogonParam> <TemplateMessageName>LogonParamSQLTemp late</TemplateMessageName> <MaxValues>100</MaxValues> </LogonParam> Save and Restart the Services Create the correct folder structure Directory: /app/oracle/obiee11117/instances/instance1/bifounda tion/OracleBIPresentationServicesComponent/coreap plication_obips1/msgdb/l_en/customMessages FileName: LogonParamSQLTemplate.xml Create the XML file <?xml version="1.0" encoding="utf-8" ?> <WebMessageTables xmlns:sawm="com.siebel.analytics.web.m essageSystem"> <WebMessageTable system="SecurityTemplates" table="Messages"> <WebMessage name="LogonParamSQLTemplate"> <XML> <logonParam name="RUNAS"> <!-- for EXECUTE PHYSICAL CONNECTION POOL, SQL_Paint.SQL_Paint = --> <!-- SAS Repository physical_dbname.conn_pool_name -->
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 8 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks <getValues>EXECUTE PHYSICAL CONNECTION POOL "BIRepository"."BIRepositoryConnPool" select TARGETID from ACTAS where PROXYID='@{USERID}'</getValues> <verifyValue>EXECUTE PHYSICAL CONNECTION POOL "BIRepository"."BIRepositoryConnPool" select TARGETID from ACTAS where PROXYID='@{USERID}' and TARGETID='@{VALUE}'</verifyValue> <getDelegateUsers>EXECUTE PHYSICAL CONNECTION POOL "BIRepository"."BIRepositoryConnPool" select PROXYID, PROXYLEVEL from ACTAS where TARGETID='@{USERID}'</getDelegateUsers > </logonParam> </XML> </WebMessage> </WebMessageTable> </WebMessageTables>
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 9 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Grant Privilege to access this function For each user or role you want to allow this option, make sure the privileges are set correctly. Act As button shows under user ID Note that for instance the option Administration is there and the the options under New are fully open to that what a BI Administrator can do. The user biadmin can select from the users he can impersonate for.
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 10 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks User is now acting as other user Note that for instance the option Administration is gone and the the options under New are limited to that what a BI Consumer can do. Logon as TRADER The delegated user can see users who can take over how in their Account Profile settings. 1 TIPS · Before a proxy user can act as a target user, the target user must have signed into Presentation Services at least once and accessed a dashboard. · Changes in restrictions or privileges may not be directly visible but are executed and may require restart of the BI Services. 2 3
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 11 of 13 Subject : Act As Date : 25-11-15 1 KNOWN ISSUES SR Description Situation Entered Status Date Resolution SR 3- 8744510391 OBIEE - Can't get ActAs functionality to work Act As setup according to the letter of the documentation. Button appears, but drop down with choice list containing users remains empty. 28 Mar 2014 RESOLVED 28 Jul 2014 Changing the user IDs in the ActAs-table to case sensitive. Also proxy level full or restricted is and must be small caps. SR 3- 9403695961 OBIEE - Act As Permission Inheritance The permissions (full or restricted) are not inherited properly. And also not reset correctly when stopping act as. 28 Jul 2014 RESOLVED 09 Oct 2014 Bug 18695152 : OBIEE 11G: PRIVILEGES NOT APPLIED TO PROXY (ACT-AS) USERS Full works. Restricted not. Different behavior in my setup compared to the case with Oracle resulted in slightly different SQL statements for the session variable init blocks. SR 3- 9403695961 OBIEE - Act As Permission Inheritance Level Restricted not working properly 03 Sep 2014 RESOLVED 21 Oct 2014 With new setup instructions it now works. SR 3- 9761586135 Act As - Effective Dates Attempt to work with effective dates 21 Oct 2014 RESOLVED 26 Nov 2014 When the effective dates are set up as format NUMBER and not DATE it starts to work with the additional instructions from Oracle. 2 3
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 12 of 13 Subject : Act As Date : 25-11-15 1.2 Temporary Delegation Act As can also be used for temporary delegations, such as holiday or sick leave replacements. Thus an employee can impersonate a1 colleague, take over that person's restrictions and work with his authentication, still taking segregation of duty into account.2 This is where the Date From and the Date Thru in the Act As table come in. The logged user can still see and select the Act As user, but when3 selected outside of the effective period it will return a sign in error:4 5 6 7 8
ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 13 of 13 Subject : Act As Date : 25-11-15 1 When another effective date is required simply alter the DateFrom and the DateThru in the ActAs table in the database.2 When a specific ActAs is no longer applicable simply remove the record from the ActAs table in the database.3 4 5

Recommended

Oracle BIEE - Usage Tracking
Oracle BIEE - Usage TrackingOracle BIEE - Usage Tracking
Oracle BIEE - Usage Tracking
Rick Brobbel
 
Pierre Xavier Portfolio
Pierre Xavier PortfolioPierre Xavier Portfolio
Pierre Xavier Portfolio
pbxavier
 
Bilir's Business Intelligence Portfolio SSAS Project
Bilir's Business Intelligence Portfolio SSAS ProjectBilir's Business Intelligence Portfolio SSAS Project
Bilir's Business Intelligence Portfolio SSAS Project
Figen Bilir
 
Business Intelligence Portfolio
Business Intelligence PortfolioBusiness Intelligence Portfolio
Business Intelligence Portfolio
dklawson
 
Chaitanya_updated resume
Chaitanya_updated resumeChaitanya_updated resume
Chaitanya_updated resume
Chaitanya Lakshmi
 
Chaitanya_updated resume
Chaitanya_updated resumeChaitanya_updated resume
Chaitanya_updated resume
Chaitanya Lakshmi
 
Apd and bpc
Apd and bpcApd and bpc
Apd and bpc
Saravanamagesh Ganesan
 
Oracle BIEE - Everything you always wanted to know about cache
Oracle BIEE - Everything you always wanted to know about cacheOracle BIEE - Everything you always wanted to know about cache
Oracle BIEE - Everything you always wanted to know about cache
Rick Brobbel
 

Recommended

Oracle BIEE - Usage Tracking
Oracle BIEE - Usage TrackingOracle BIEE - Usage Tracking
Oracle BIEE - Usage Tracking
Rick Brobbel
 
Pierre Xavier Portfolio
Pierre Xavier PortfolioPierre Xavier Portfolio
Pierre Xavier Portfolio
pbxavier
 
Bilir's Business Intelligence Portfolio SSAS Project
Bilir's Business Intelligence Portfolio SSAS ProjectBilir's Business Intelligence Portfolio SSAS Project
Bilir's Business Intelligence Portfolio SSAS Project
Figen Bilir
 
Business Intelligence Portfolio
Business Intelligence PortfolioBusiness Intelligence Portfolio
Business Intelligence Portfolio
dklawson
 
Chaitanya_updated resume
Chaitanya_updated resumeChaitanya_updated resume
Chaitanya_updated resume
Chaitanya Lakshmi
 
Chaitanya_updated resume
Chaitanya_updated resumeChaitanya_updated resume
Chaitanya_updated resume
Chaitanya Lakshmi
 
Apd and bpc
Apd and bpcApd and bpc
Apd and bpc
Saravanamagesh Ganesan
 
Oracle BIEE - Everything you always wanted to know about cache
Oracle BIEE - Everything you always wanted to know about cacheOracle BIEE - Everything you always wanted to know about cache
Oracle BIEE - Everything you always wanted to know about cache
Rick Brobbel
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
jasoninnes20
 
Crack the complexity of oracle applications r12 workload v2
Crack the complexity of oracle applications r12 workload v2Crack the complexity of oracle applications r12 workload v2
Crack the complexity of oracle applications r12 workload v2
Ajith Narayanan
 
resume_abdul_up
resume_abdul_upresume_abdul_up
resume_abdul_up
Abdul Kareem Khan
 
Preparing forr12-140703020001-phpapp02
Preparing forr12-140703020001-phpapp02Preparing forr12-140703020001-phpapp02
Preparing forr12-140703020001-phpapp02
shubham gupta
 
Preparing for EBS R12.2-upgrade-full
Preparing for EBS R12.2-upgrade-fullPreparing for EBS R12.2-upgrade-full
Preparing for EBS R12.2-upgrade-full
Berry Clemens
 
Building rich domain models with ddd and tdd ivan paulovich - betsson
Building rich domain models with ddd and tdd ivan paulovich - betssonBuilding rich domain models with ddd and tdd ivan paulovich - betsson
Building rich domain models with ddd and tdd ivan paulovich - betsson
Ivan Paulovich
 
206530 getting started with p6 analytics and reporting
206530 getting started with p6 analytics and reporting206530 getting started with p6 analytics and reporting
206530 getting started with p6 analytics and reporting
p6academy
 
4392091081755796971 emea10 zero_downtimeoperations
4392091081755796971 emea10 zero_downtimeoperations4392091081755796971 emea10 zero_downtimeoperations
4392091081755796971 emea10 zero_downtimeoperations
Locuto Riorama
 
Functional_SpecsBA
Functional_SpecsBAFunctional_SpecsBA
Functional_SpecsBA
Bill Gladwin
 
Free CCBA V3 question bank
Free CCBA V3 question bankFree CCBA V3 question bank
Free CCBA V3 question bank
LN Mishra CBAP
 
Encumbrance accounting in oracle ebs r12
Encumbrance accounting in oracle ebs r12Encumbrance accounting in oracle ebs r12
Encumbrance accounting in oracle ebs r12
Sam Elrashedy
 
Oracle Ebiz R12.2 Features -- Ravi Sagaram
Oracle Ebiz R12.2 Features -- Ravi SagaramOracle Ebiz R12.2 Features -- Ravi Sagaram
Oracle Ebiz R12.2 Features -- Ravi Sagaram
ravisagaram
 
RBJayaram
RBJayaramRBJayaram
RBJayaram
RB Jayaram
 
High Performance SSRS
High Performance SSRSHigh Performance SSRS
High Performance SSRS
Bert Wagner
 
Salesforce Spring'15 release overview
Salesforce Spring'15 release overviewSalesforce Spring'15 release overview
Salesforce Spring'15 release overview
Rakesh Gupta
 
MS Project Integration: Tips, Tricks and What's New for You
MS Project Integration: Tips, Tricks and What's New for YouMS Project Integration: Tips, Tricks and What's New for You
MS Project Integration: Tips, Tricks and What's New for You
CA Technologies
 
SAP BusinessObjects BI 4.3
SAP BusinessObjects BI 4.3SAP BusinessObjects BI 4.3
SAP BusinessObjects BI 4.3
Wiiisdom
 
UK Conference 2018_Effective SAM without tooling_Wilson Bigg
UK Conference 2018_Effective SAM without tooling_Wilson BiggUK Conference 2018_Effective SAM without tooling_Wilson Bigg
UK Conference 2018_Effective SAM without tooling_Wilson Bigg
Martin Thompson
 
Implementing Agile In Non-Agile World : Presented By Kshitij Agrawal
Implementing Agile In Non-Agile World : Presented By Kshitij AgrawalImplementing Agile In Non-Agile World : Presented By Kshitij Agrawal
Implementing Agile In Non-Agile World : Presented By Kshitij Agrawal
oGuild .
 
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Extra Technology
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
 

More Related Content

Similar to Oracle BI EE - Act As

BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
jasoninnes20
 
Preparing for EBS R12.2-upgrade-full
Preparing for EBS R12.2-upgrade-fullPreparing for EBS R12.2-upgrade-full
Preparing for EBS R12.2-upgrade-full
Berry Clemens
 
4392091081755796971 emea10 zero_downtimeoperations
4392091081755796971 emea10 zero_downtimeoperations4392091081755796971 emea10 zero_downtimeoperations
4392091081755796971 emea10 zero_downtimeoperations
Locuto Riorama
 
Functional_SpecsBA
Functional_SpecsBAFunctional_SpecsBA
Functional_SpecsBA
Bill Gladwin
 
MS Project Integration: Tips, Tricks and What's New for You
MS Project Integration: Tips, Tricks and What's New for YouMS Project Integration: Tips, Tricks and What's New for You
MS Project Integration: Tips, Tricks and What's New for You
CA Technologies
 
Implementing Agile In Non-Agile World : Presented By Kshitij Agrawal
Implementing Agile In Non-Agile World : Presented By Kshitij AgrawalImplementing Agile In Non-Agile World : Presented By Kshitij Agrawal
Implementing Agile In Non-Agile World : Presented By Kshitij Agrawal
oGuild .
 
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Extra Technology
 

Similar to Oracle BI EE - Act As (20)

BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
 
Crack the complexity of oracle applications r12 workload v2
Crack the complexity of oracle applications r12 workload v2Crack the complexity of oracle applications r12 workload v2
Crack the complexity of oracle applications r12 workload v2
 
resume_abdul_up
resume_abdul_upresume_abdul_up
resume_abdul_up
 
Preparing forr12-140703020001-phpapp02
Preparing forr12-140703020001-phpapp02Preparing forr12-140703020001-phpapp02
Preparing forr12-140703020001-phpapp02
 
Preparing for EBS R12.2-upgrade-full
Preparing for EBS R12.2-upgrade-fullPreparing for EBS R12.2-upgrade-full
Preparing for EBS R12.2-upgrade-full
 
Building rich domain models with ddd and tdd ivan paulovich - betsson
Building rich domain models with ddd and tdd ivan paulovich - betssonBuilding rich domain models with ddd and tdd ivan paulovich - betsson
Building rich domain models with ddd and tdd ivan paulovich - betsson
 
206530 getting started with p6 analytics and reporting
206530 getting started with p6 analytics and reporting206530 getting started with p6 analytics and reporting
206530 getting started with p6 analytics and reporting
 
4392091081755796971 emea10 zero_downtimeoperations
4392091081755796971 emea10 zero_downtimeoperations4392091081755796971 emea10 zero_downtimeoperations
4392091081755796971 emea10 zero_downtimeoperations
 
Functional_SpecsBA
Functional_SpecsBAFunctional_SpecsBA
Functional_SpecsBA
 
Free CCBA V3 question bank
Free CCBA V3 question bankFree CCBA V3 question bank
Free CCBA V3 question bank
 
Encumbrance accounting in oracle ebs r12
Encumbrance accounting in oracle ebs r12Encumbrance accounting in oracle ebs r12
Encumbrance accounting in oracle ebs r12
 
Oracle Ebiz R12.2 Features -- Ravi Sagaram
Oracle Ebiz R12.2 Features -- Ravi SagaramOracle Ebiz R12.2 Features -- Ravi Sagaram
Oracle Ebiz R12.2 Features -- Ravi Sagaram
 
RBJayaram
RBJayaramRBJayaram
RBJayaram
 
High Performance SSRS
High Performance SSRSHigh Performance SSRS
High Performance SSRS
 
Salesforce Spring'15 release overview
Salesforce Spring'15 release overviewSalesforce Spring'15 release overview
Salesforce Spring'15 release overview
 
MS Project Integration: Tips, Tricks and What's New for You
MS Project Integration: Tips, Tricks and What's New for YouMS Project Integration: Tips, Tricks and What's New for You
MS Project Integration: Tips, Tricks and What's New for You
 
SAP BusinessObjects BI 4.3
SAP BusinessObjects BI 4.3SAP BusinessObjects BI 4.3
SAP BusinessObjects BI 4.3
 
UK Conference 2018_Effective SAM without tooling_Wilson Bigg
UK Conference 2018_Effective SAM without tooling_Wilson BiggUK Conference 2018_Effective SAM without tooling_Wilson Bigg
UK Conference 2018_Effective SAM without tooling_Wilson Bigg
 
Implementing Agile In Non-Agile World : Presented By Kshitij Agrawal
Implementing Agile In Non-Agile World : Presented By Kshitij AgrawalImplementing Agile In Non-Agile World : Presented By Kshitij Agrawal
Implementing Agile In Non-Agile World : Presented By Kshitij Agrawal
 
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
Running Database Jobs with CA 7 and the CA Workload Automation Agent for Data...
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Oracle BI EE - Act As

  • 1. Oracle BI EE JDE Cadran – Accelerate Act As Date: 25-11-2015 Author: Rick Brobbel Last Edited: Rick Brobbel Cadran Consultancy b.v. Project: Oracle BI EE Subject: Act As Version: v98
  • 2. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 2 of 13 Subject : Act As Date : 25-11-15 1 Table of Contents 1 Act As.....................................................................................................................................32 1.1 Implementation .......................................................................................................................33 1.2 Temporary Delegation...........................................................................................................124 5
  • 3. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 3 of 13 Subject : Act As Date : 25-11-15 Oracle BI EE - JDE Cadran - Accelerate – Act As 1 Act As Act As is used for impersonating users for reviewing and testing permissions and privileges and can be used for (temporary) delegates (i.e.1 during holidays) or for smaller organizations that want to enforce pure segregation of duties.2 Reference to the Oracle Documentation that was used for this: Oracle Docs.3 For this configuration the devil is in the details. Follow below instructions to the minute letter. 4 1.1 Implementation Step Print Remarks Create a database table with the information Proxy Level must be small caps. User IDs are case sensitive. When you enable a user to be a proxy user, you also assign an authority level (called the proxy level). The proxy level determines the privileges and permissions granted to the proxy user when accessing the catalog objects of the target user. The following list describes the proxy levels: · restricted — Permissions are read-only to the objects to which the target user has access. Privileges are determined by the proxy user's account (not the target user's account). For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user cannot access Answers. · full — Permissions and privileges are inherited from the target user's account. For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user can access Answers.
  • 4. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 4 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks The data in this table is case sensitive, so beware that · users are entered exactly as they are stored in WLS or MSAD · levels must be small caps · dates must be numeric as type date does not work Repository Metadata Physical Layer When setting up and changing setup make sure this table is not cacheable. Repository Session Variables See details below
  • 5. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 5 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Create Repository Session Variable called Proxy to be populated by Initialization Block called ProxyBlock This Initialization Block sets the value of the variable ProxyBlock, which selects the Target User that can then be used in the Web Catalog. SELECT TARGETID FROM VALUEOF(OBI_REPOS_USER).ACTAS WHERE UPPER(PROXYID) = UPPER(':USER') AND UPPER(TARGETID) = UPPER('VALUEOF(NQ_SESSION.RUNAS)') AND TO_NUMBER(TO_CHAR(SYSDATE,'YYYYMMDD')) BETWEEN DATEFROM AND DATETHRU The content of these SQL statement is not in line with the documentation. They were the outcome on the support by Oracle in assistance with SR 3-9403695961 (see known issues below) - Solved The effective period can be used for temporary delegates. See next paragraph.
  • 6. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 6 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Create Repository Session Variable ProxyLevel This Initialization Block sets the value of the variable ProxyLevel, which selects the level that the delegate user can act on (Full or Restricted). SELECT PROXYLEVEL FROM VALUEOF(OBI_REPOS_USER).ACTAS WHERE UPPER(TARGETID) = UPPER('VALUEOF(NQ_SESSION.RUNAS)') AND UPPER(PROXYID) = UPPER('VALUEOF(NQ_SESSION.RUNASORIGUSE R)') The content of these SQL statement is not in line with the documentation. They were the outcome on the support by Oracle in assistance with SR 3-9403695961 (see known issues below) - Solved This statement does not require the effective period. This is only needed in the Proxy Block.
  • 7. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 7 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Edit the instanceconfi g.xml Add code: <LogonParam> <TemplateMessageName>LogonParamSQLTemp late</TemplateMessageName> <MaxValues>100</MaxValues> </LogonParam> Save and Restart the Services Create the correct folder structure Directory: /app/oracle/obiee11117/instances/instance1/bifounda tion/OracleBIPresentationServicesComponent/coreap plication_obips1/msgdb/l_en/customMessages FileName: LogonParamSQLTemplate.xml Create the XML file <?xml version="1.0" encoding="utf-8" ?> <WebMessageTables xmlns:sawm="com.siebel.analytics.web.m essageSystem"> <WebMessageTable system="SecurityTemplates" table="Messages"> <WebMessage name="LogonParamSQLTemplate"> <XML> <logonParam name="RUNAS"> <!-- for EXECUTE PHYSICAL CONNECTION POOL, SQL_Paint.SQL_Paint = --> <!-- SAS Repository physical_dbname.conn_pool_name -->
  • 8. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 8 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks <getValues>EXECUTE PHYSICAL CONNECTION POOL "BIRepository"."BIRepositoryConnPool" select TARGETID from ACTAS where PROXYID='@{USERID}'</getValues> <verifyValue>EXECUTE PHYSICAL CONNECTION POOL "BIRepository"."BIRepositoryConnPool" select TARGETID from ACTAS where PROXYID='@{USERID}' and TARGETID='@{VALUE}'</verifyValue> <getDelegateUsers>EXECUTE PHYSICAL CONNECTION POOL "BIRepository"."BIRepositoryConnPool" select PROXYID, PROXYLEVEL from ACTAS where TARGETID='@{USERID}'</getDelegateUsers > </logonParam> </XML> </WebMessage> </WebMessageTable> </WebMessageTables>
  • 9. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 9 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks Grant Privilege to access this function For each user or role you want to allow this option, make sure the privileges are set correctly. Act As button shows under user ID Note that for instance the option Administration is there and the the options under New are fully open to that what a BI Administrator can do. The user biadmin can select from the users he can impersonate for.
  • 10. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 10 of 13 Subject : Act As Date : 25-11-15 Step Print Remarks User is now acting as other user Note that for instance the option Administration is gone and the the options under New are limited to that what a BI Consumer can do. Logon as TRADER The delegated user can see users who can take over how in their Account Profile settings. 1 TIPS · Before a proxy user can act as a target user, the target user must have signed into Presentation Services at least once and accessed a dashboard. · Changes in restrictions or privileges may not be directly visible but are executed and may require restart of the BI Services. 2 3
  • 11. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 11 of 13 Subject : Act As Date : 25-11-15 1 KNOWN ISSUES SR Description Situation Entered Status Date Resolution SR 3- 8744510391 OBIEE - Can't get ActAs functionality to work Act As setup according to the letter of the documentation. Button appears, but drop down with choice list containing users remains empty. 28 Mar 2014 RESOLVED 28 Jul 2014 Changing the user IDs in the ActAs-table to case sensitive. Also proxy level full or restricted is and must be small caps. SR 3- 9403695961 OBIEE - Act As Permission Inheritance The permissions (full or restricted) are not inherited properly. And also not reset correctly when stopping act as. 28 Jul 2014 RESOLVED 09 Oct 2014 Bug 18695152 : OBIEE 11G: PRIVILEGES NOT APPLIED TO PROXY (ACT-AS) USERS Full works. Restricted not. Different behavior in my setup compared to the case with Oracle resulted in slightly different SQL statements for the session variable init blocks. SR 3- 9403695961 OBIEE - Act As Permission Inheritance Level Restricted not working properly 03 Sep 2014 RESOLVED 21 Oct 2014 With new setup instructions it now works. SR 3- 9761586135 Act As - Effective Dates Attempt to work with effective dates 21 Oct 2014 RESOLVED 26 Nov 2014 When the effective dates are set up as format NUMBER and not DATE it starts to work with the additional instructions from Oracle. 2 3
  • 12. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 12 of 13 Subject : Act As Date : 25-11-15 1.2 Temporary Delegation Act As can also be used for temporary delegations, such as holiday or sick leave replacements. Thus an employee can impersonate a1 colleague, take over that person's restrictions and work with his authentication, still taking segregation of duty into account.2 This is where the Date From and the Date Thru in the Act As table come in. The logged user can still see and select the Act As user, but when3 selected outside of the effective period it will return a sign in error:4 5 6 7 8
  • 13. ã Cadran Consultancy b.v. Author : Rick Brobbel Date printed : 25-11-15 Project : Oracle BI EE Page : 13 of 13 Subject : Act As Date : 25-11-15 1 When another effective date is required simply alter the DateFrom and the DateThru in the ActAs table in the database.2 When a specific ActAs is no longer applicable simply remove the record from the ActAs table in the database.3 4 5