Managing Impersonations

Use

To prevent unauthorized access to security-sensitive data, you can configure impersonation settings for callable objects that access security data, so that only predefined users can execute them.

You can define impersonation settings and configure a list of users who are allowed to execute the callable object from the Administration workset under Impersonation Manager. At runtime, only users from this list can execute the callable object.

Prerequisites

To be able to use the Impersonation Manager, you need security administrator rights (GP Security Administrator).

More information: Setting Up Portal Roles

Procedure

Select a Callable Object

  1. Browse to select an existing callable object.
  2. Choose Open.

    The impersonation settings, including the callable object name, type and status, are displayed.

Define Impersonation Settings

  1. Enable the Impersonation indicator.

    If the impersonation option is selected, only users with security administrator rights can activate the callable object.

  2. To define principals for impersonation, choose Add.

    The user picker is displayed in the right-hand part of the screen. Use the Find function to search for the required user. To add the user, select it and choose Add. Repeat the procedure for all users that you want to add.

  3. Choose Save or Activate, depending on the callable object status.

Result

You have defined impersonation settings for a callable object.

Now you can create a process that includes a step that executes the callable object.

During the initiation of the process, only users included in the callable object's impersonation list can execute this step.

You have to create an impersonation list for a callable object with defined impersonation settings in the following cases:

  • If you make an inactive version of the callable object (for example, if you copy it or open it to edit it)
  • Before you can release a callable object after a transport request. For more information about how to release imported objects, see Postprocessing Imported Objects.