
Administer user impersonation


Overview

The impersonation feature lets you access another user's system as though you are that user. Support specialists can use the impersonation feature to find issues and errors.

Client side aggregation does not support user impersonation. Do not activate client side aggregation on any portal pages where the impersonation portlet is deployed.

We can use the default Impersonation portlet or we can develop a custom portlet for impersonating users.

To let a user impersonate other users, edit the Can Run As User role for the impersonating user and assign the user to be impersonated. When a user who is enabled for impersonation impersonates another user, the people awareness feature is disabled for the entire session for which that user is authenticated.

By default, user impersonation is enabled.

To disable...

To enable...

Stop and restart the WebSphere_Portal server.


Assign the Can Run As User role to the appropriate user

  1. Log on to WebSphere Portal as an administrator and click...

      Administration | Access | User and Group Permissions | Users

  2. Search for the user to assign as Can Run As User.

  3. Click the Select Resource Type icon for the user.

  4. Navigate to the page containing the Virtual Resources option, using the Page Next button.

  5. Navigate to the page containing the USERS option and click the Assign Access icon.

  6. Select the Explicitly Assign check box for the Can Run As User role.

  7. Click OK.

The user with the Can Run As User role can now impersonate another user.


Impersonate an unauthenticated user

  1. Log on to WebSphere Portal as the administrator.

  2. Click...

      Administration | Access | Resource Permissions | Virtual Resources

  3. Locate the WCM REST SERVICES resource type and then click the Assign Access icon.

  4. Locate the User resource permission and then click the Edit Role icon.

  5. Click Add.

  6. Check the Anonymous Portal User checkbox.

  7. Click OK.

  8. Verify that we can now impersonate an unauthenticated user.

The user(s) with the Can Run As User role can now impersonate another user.

Note that the portal administrative user automatically has permissions to impersonate another user, and does not require any special setup.


Migration: Web application bridge integration

To use the Web application bridge integration feature migrated from a previous version of WebSphere Portal that was using the Impersonation portlet:

  1. Log on to WebSphere Portal as the administrator and select...

      Administration | Web Modules Administration portlet | Install | Browse | PORTAL_HOME/ap/wp.ap.impersonation/installableApps/impersonation.war

  2. Click Next.

  3. If necessary, update the following fields:

    • Enterprise Application display name
    • Context root
    • Start application

  4. Click Finish to install the .war file.


Use the Impersonation portlet

WebSphere v8.0 ships with an Impersonation portlet. Example usage:

  1. Create a page called Impersonation

  2. Assign the Impersonation portlet to the page

  3. Grant your impersonator user "User" permissions for the new Impersonation page.

  4. Log on to Portal as your impersonator user, or log in as a portal administrator.

  5. Search for the user to impersonate, then click the Impersonate button.


Optional: Develop a custom portlet to impersonate users

import java.io.IOException;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.GenericPortlet;
import javax.portlet.PortletException;

import com.ibm.portal.portlet.service.PortletServiceHome;
import com.ibm.portal.portlet.service.impersonation.ImpersonationService;

public class MyImpersonationPortlet extends GenericPortlet
{
    // Home object for the impersonation service, looked up once in init()
    private PortletServiceHome psh;

    @Override
    public void init() throws PortletException
    {
        try
        {
            javax.naming.Context ctx = new javax.naming.InitialContext();
            psh = (PortletServiceHome) ctx.lookup(ImpersonationService.JNDI_NAME);
        } catch (Exception ex)
        {
            // error handling
        }
    }

    @Override
    public void processAction(ActionRequest request, ActionResponse response) throws PortletException, IOException
    {
        // DN of the user to impersonate; "userDN" is a placeholder parameter name
        String stringuserDN = request.getParameter("userDN");

        try
        {
            // obtain the service object and use the service
            ImpersonationService impersonationService = (ImpersonationService) psh.getPortletService(ImpersonationService.class);
            impersonationService.doImpersonate(request, response, stringuserDN);
        } catch (Exception e)
        {
            // error handling
        }
    }
}

The stringuserDN variable holds the information (the DN) for the user to impersonate. Alternatively, we can use the PUMA SPI User object.

The impersonation feature becomes active with the next request.
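
A custom portlet receives the target DN as input, so it can vet that value before handing it to doImpersonate. The following is an added example, not code from the original page or from the product: a hypothetical ImpersonationGuard helper that parses the DN, refuses targets on a deny list, and writes an audit line naming the impersonator. The class name, logger name, and sample DNs are assumptions.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper, not part of the portal API.
public final class ImpersonationGuard
{
    private static final Logger AUDIT = Logger.getLogger("impersonation.audit"); // assumed logger name
    private final Set<LdapName> denied = new HashSet<LdapName>();

    public ImpersonationGuard(String... deniedDns) throws InvalidNameException
    {
        // LdapName.equals ignores attribute-type case and spacing differences
        for (String dn : deniedDns) denied.add(new LdapName(dn));
    }

    // Keep attacker-supplied line breaks out of the audit log
    private static String clean(Object o) { return String.valueOf(o).replaceAll("[\\r\\n]", "_"); }

    // Returns the target DN if it may be impersonated; throws otherwise.
    public String vet(String impersonator, String requestedDn)
    {
        LdapName target;
        try
        {
            target = new LdapName(requestedDn == null ? "" : requestedDn.trim());
        } catch (InvalidNameException e)
        {
            AUDIT.warning("impersonation refused: malformed DN requested by " + clean(impersonator));
            throw new IllegalArgumentException("malformed DN");
        }
        if (target.isEmpty() || denied.contains(target))
        {
            AUDIT.warning("impersonation refused: " + clean(impersonator) + " -> " + clean(target));
            throw new SecurityException("target may not be impersonated");
        }
        AUDIT.info("impersonation requested: " + clean(impersonator) + " -> " + clean(target));
        return target.toString();
    }

    public static void main(String[] args) throws Exception
    {
        // Constructed sample DNs
        ImpersonationGuard guard = new ImpersonationGuard("uid=portaladmin,o=example");
        System.out.println(guard.vet("uid=support1,o=example", "uid=jdoe,o=example"));
        try { guard.vet("uid=support1,o=example", "UID=portaladmin, O=example"); }
        catch (SecurityException expected) { System.out.println("refused: " + expected.getMessage()); }
    }
}
```

In processAction, the impersonator argument would typically come from request.getRemoteUser(), and the value returned by vet is what gets passed to doImpersonate.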

