6 Using WebCenter Portal Impersonation

WebCenter Portal Impersonation lets designated users impersonate other WebCenter Portal users and perform operations as those users. It provides instructions for initiating an impersonation session (by the impersonator) and allowing an impersonation session (by the impersonatee).

Topics:

• About WebCenter Portal Impersonation

• Allowing an Impersonation Session

• Initiating an Impersonation Session

• Troubleshooting

Note:

Tasks discussed in this chapter are not available if WebCenter Portal Impersonation is not enabled for the current WebCenter Portal domain. For more information, see Preparing WebCenter Portal for Personalization in Oracle Fusion Middleware Administering Oracle WebCenter Portal.

Permissions:

The tasks for granting impersonation rights described in this chapter are available to any WebCenter Portal user. Tasks for initiating impersonation sessions are available only to users who have been configured as "impersonators" by the system administrator. For more information, see Configuring Impersonators in Oracle Fusion Middleware Administering Oracle WebCenter Portal.

6.1 About WebCenter Portal Impersonation

WebCenter Portal Impersonation allows a WebCenter Portal administrator assign impersonation rights to a user ("impersonators"), so that the user can impersonate another WebCenter Portal user and perform operations as that user ("impersonatees").

Note:

You cannot assign impersonation rights to a enterprise group.

This may be useful in the following instances:

• A customer support representative may want to perform actions as another user in order to understand the issues being faced by that user

• An administrator may want to perform operations on behalf of a user

• A company executive may need to delegate someone to act on his or her behalf while away

How impersonation is used will depend on choices that have been made locally. Note that the user to be impersonated must also first grant rights to the intended impersonator.

6.2 Allowing an Impersonation Session

As a WebCenter Portal user, you can grant impersonation rights to designated impersonators.

You can allow someone to impersonate you during a specified time slot using the My Impersonators screen. Note that impersonators will not be able to access the My Impersonators screen during an impersonation session.

To allow an impersonation session:

1. On the Users who can Impersonate me page, enter the User name or use the Search function to find the user to set up with an impersonation session. Note that only users with impersonator privileges are displayed.
2. Select the time slot during which the impersonator can impersonate you, and then click Add to add the user to the list of impersonators that can impersonate you.

   Note:

   You are granting rights to the user to impersonate you across all applications to which you have access. Exercise caution when choosing the impersonator and keep the access duration to a minimum duration.

   You can select:

   • For Next 1 hour to allow an impersonator to initiate an impersonation session during the next hour.

   • Today to allow an impersonator to initiate an impersonation session during the current day. Note that "today" means the end of today as defined by your selected time zone and preferences.

   • For a specific time period to allow an impersonator to conduct an impersonation session during a specific time slot for your time zone and preferences.

   The impersonator can now conduct an impersonation session during the allotted time.

3. After adding an impersonator, you can change the time slot or revoke impersonation rights.

   • To edit the impersonation session time slot, click Edit, change the start and end times, and click OK.

   • To revoke an impersonation grant, click Revoke and then click Revoke again when prompted.

   Note that impersonation grants that have already expired, or grants for users whose rights as a designated impersonator have been revoked by the administrator, will not appear in this list.

6.3 Initiating an Impersonation Session

This section describes how impersonators can initiate an impersonation session using either the Impersonation preferences page or using a hot key.

This section includes the following topics:

• Initiating an Impersonation Session Using the Impersonation Preferences Page

• Initiating an Impersonation Session Using a Hot Key

6.3.1 Initiating an Impersonation Session Using the Impersonation Preferences Page

You can view the impersonatees that have granted you impersonation rights and can initiate impersonation sessions using the Impersonation preferences page. Note that you must have been granted impersonation rights to access this screen by the administrator.

To view or start impersonation sessions:

1. On the Impersonation page, scroll down past the list of users who can impersonate you to the list of the users that have granted you impersonation rights. Note that unless you have been configured as an impersonator, you will not be able to impersonate other users and the list will be empty.

   If Switch User appears as an action in the list, it means that you can begin an impersonation for that user; No Action Possible means that the grant has expired or is for a future point in time.

2. To initiate an impersonation session from the Impersonation preferences page:

   1. Click Switch User to select the user to impersonate.

   2. When prompted, confirm your credentials to start the impersonation session.

      You will be taken to the impersonatee's home page and all ensuing actions during the session will be done on the impersonatee's system as if they were done by the impersonatee. The only exception to this is that during the session you will not be able to access the impersonatee's Impersonation page.

   3. Click Stop Impersonation on the impersonation overlay, or from your (the impersonator's) Impersonation preferences page to end the impersonation session.

6.3.2 Initiating an Impersonation Session Using a Hot Key

You can initiate an impersonation session using a hot key from within WebCenter Portal at any time, provided you have been granted impersonation rights (see Configuring Impersonators in Oracle Fusion Middleware Administering Oracle WebCenter Portal), and that one or more impersonatees have set up an impersonation session with you as the impersonator.

To initiate an impersonation session using a hot key:

1. After logging into WebCenter Portal, press Ctrl+Shift+I from anywhere within the application.

   Note:

   Although Ctrl+Shift+I is the default impersonation hot key, it can be reset to some other key sequence by the application administrator. If the default key sequence doesn't work, contact your administrator to check if the key has been reconfigured.

   The impersonation overlay displays (see Figure 6-1).

   Figure 6-1 Impersonation Overlay

   
   Description of "Figure 6-1 Impersonation Overlay"

   The overlay shows a list of those users who you can impersonate ordered by the impersonation session start time.

2. Click Switch User to select the user to impersonate.

   You can also click X to dismiss the overlay if you decide not to start impersonating now, or the user has not yet granted you impersonation rights. Press Ctrl+Shift+I again to invoke the overlay while you still have impersonation rights for one or more users.

3. When prompted, confirm your credentials to start the impersonation session.

   You will be taken to the impersonatee's home page and all ensuing actions during the session will be done on the impersonatee's system as if they were done by the impersonatee.

4. Click Stop Impersonation on the impersonation overlay (see **INTERNAL XREF ERROR**), or from the impersonatee's Impersonation preferences page, click Stop Impersonation to end the impersonation session.

6.4 Troubleshooting

This section describes common error conditions and their solutions

• Clicking Switch User Produces an Error

• Clicking Stop Impersonation Produces an Error

6.4.1 Clicking Switch User Produces an Error

Problem

When you click Switch User you are taken to an error page rather than a screen where you can enter your credentials.

Solution

The access time may not fall within the impersonation session's allotted time slot. Check the duration on the Impersonation preferences page and try again. Alternatively, you can ask the impersonatee to revoke your impersonation rights and grant them to you again. If this fails to resolve the problem then contact the system administrator to inspect the OAM logs to determine the problem. Also, if you enter incorrect credentials on the consent page the impersonation session will not begin and you will be taken to an error page. To resolve this error, return to your home page and begin the impersonation session again.

One final reason why initiating impersonation session may fail, even when it looks like you are trying to impersonate within the correct duration, is because the OAM server and WebCenter Portal server clocks are not in sync. If you have checked that you are trying to start a session within the correct time frame, and that your credentials are correct contact your administrator to see if this may be the case. Configuring OAM and WebCenter Portal's server clock settings is described in Configuring WebCenter Portal for Impersonation in Oracle Fusion Middleware Administering Oracle WebCenter Portal.

6.4.2 Clicking Stop Impersonation Produces an Error

Problem

You are taken to an error page when you click when you click Stop Impersonation.

Solution

If you are taken to an error page when you click Stop Impersonation, go to the home page and check if the impersonation session has ended. If not, click Logout to explicitly end your impersonation session and your own session and then contact the system administrator to inspect the OAM logs to determine the cause.