Creating a BMC Remedy Handler that uses Impersonation
Usage
When setting up a handler to use impersonation, the same info values are needed, except that the Kinetic Administrator who's installing the handler needs to be sure that the username and password specified are for a Remedy system administrator. Then one of the parameters requested in the handler needs to be the user who is being impersonated.
The first key item to note is that most Remedy handlers use a function preinitialize_on_first_load to set up the Remedy context, initialize the form, and load it into cache. This function cannot be leveraged when using impersonation.
When using impersonation, the context must be set up each time the handler is run (in execute(), not initialize(input)).
def execute() # Build up impersonated user context...username, password, etc are from info values and user needs to be an Admin. impersonateContext = ArsModels::Context.new( :server => get_info_value(@input_document, 'server'), :username => get_info_value(@input_document, 'username'), :password => get_info_value(@input_document, 'password'), :port => get_info_value(@input_document, 'port'), :prognum => get_info_value(@input_document, 'prognum'), :authentication => get_info_value(@input_document, 'authentication') )
Then, once the context is set up with an admin logged in, the context must be set up to impersonate the desired user.
# Now use the impersonateUser parameter to set the impersonation. impersonateContext.ars_context.setImpersonatedUser("joe.blow")
Then, before any form can be used, a Find must be done for that form (because it wasn't done in the pre-initialize/cached).
#update the AP:Detail-Signature record using the @field_values hash that was built up. approvalForm = ArsModels::Form.find('AP:Detail-Signature', :context => impersonateContext)
Then you can interact with the form as normal. The impersonated context only needs to be set up once in the handler, even if multiple forms are accessed.
Example
One case where it is essential that the handler impersonate is approvals. Remedy keys off the "logged in user" to determine who the attempting approver is, so if a handler was trying to submit approvals to Change without impersonation, they would all fail. Thus, the BMC ITSM7 Approval Approve handler is a working example of using impersonation.