Skip to main content
Kinetic Community

Creating a BMC Remedy Handler that uses Impersonation

Remedy allows for a system administrator login to impersonate, or act as, other system users. This allows Admin to submit a record, for example, but the submitter on the record could be Bob. This article will describe how to create a Remedy handler that uses impersonation; this article will also point out some of the more common Remedy handler processes that can not be used when using impersonation.

Usage

When setting up a handler to use impersonation, the same info values are needed, except that the Kinetic Administrator who's installing the handler needs to be sure that the username and password specified are for a Remedy system administrator. Then one of the parameters requested in the handler needs to be the user who is being impersonated.

The first key item to note is that most Remedy handlers use a function preinitialize_on_first_load to set up the Remedy context, initialize the form, and load it into cache. This function cannot be leveraged when using impersonation.

When using impersonation, the context must be set up each time the handler is run (in execute(), not initialize(input)).

  def execute()

   # Build up impersonated user context...username, password, etc are from info values and user needs to be an Admin.
   impersonateContext = ArsModels::Context.new(
        :server         => get_info_value(@input_document, 'server'),
        :username       => get_info_value(@input_document, 'username'),
        :password       => get_info_value(@input_document, 'password'),
        :port           => get_info_value(@input_document, 'port'),
        :prognum        => get_info_value(@input_document, 'prognum'),
        :authentication => get_info_value(@input_document, 'authentication')
      )

Then, once the context is set up with an admin logged in, the context must be set up to impersonate the desired user.

    # Now use the impersonateUser parameter to set the impersonation.
    impersonateContext.ars_context.setImpersonatedUser("joe.blow")

Then, before any form can be used, a Find must be done for that form (because it wasn't done in the pre-initialize/cached).

    #update the AP:Detail-Signature record using the @field_values hash that was built up.
    approvalForm = ArsModels::Form.find('AP:Detail-Signature', :context => impersonateContext)

Then you can interact with the form as normal. The impersonated context only needs to be set up once in the handler, even if multiple forms are accessed. 

Example

One case where it is essential that the handler impersonate is approvals. Remedy keys off the "logged in user" to determine who the attempting approver is, so if a handler was trying to submit approvals to Change without impersonation, they would all fail. Thus, the BMC ITSM7 Approval Approve handler is a working example of using impersonation.