The Proxy User
You define proxy users in Fusion Service. In general, there should be one proxy user per self-service persona in Fusion Service. For example, the Digital Customer Service application can be used by either Customer Self-Service users or Customer Self-Service Account Administrators.
Since there are two personas, two proxy user accounts must be created and configured. You must also create an anonymous proxy user. The two proxy users that correspond to Digital Customer Service application roles are:
-
Customer Self-Service Users.
-
Customer Self-Service Account Administrators
You give the proxy user all the functional privileges or roles required by the persona. If you create a proxy user account for the Customer Self-Service Users persona give that account the Customer Self-Service User role. When you create a proxy user account for the Customer Self-Service Account Administrators persona give the account the Customer Self-Service User and Customer Self-Service Account Administrator roles.
A proxy user account is used by multiple actual users to perform REST operations in Fusion Service. An actual user accessing data gets the functional privileges from the proxy user but the data privileges are based on the GUID of the actual user in Identity Cloud Service. This ensures that a given user will be able to see relevant data.
Functional privileges are those that relate to actions a user can perform in user interface pages, whereas data privileges are those which concern which data a user can access.