Why does a proxy user need to be specified for the SOAP Web Services Access Policy that is used with Unified Self-Service?

Document ID : KB000011726
Last Modified Date : 14/02/2018
Show Technical Document Details

In technical document TEC1533059, part III, one of the steps indicates that a proxy user must be specified.


We do not use a proxy server. Is this really necessary? If so, why? What are the special properties required if any?

CA Service Desk Manager 14.1, Unified Self-Service component.

A proxy user, not a proxy server, is required. 

The proxy user must have administrative access to CA Service Desk Manager (SDM) so that it can invoke the impersonate() web services method for the purpose of restricting access to the SDM object layer data according to the USS end user's data partitions.

In other words, the end user that is using USS, connects to USS, USS then does SOAP calls to SDM as casmadmin and proxies the end userid to impersonate that user. This way all data is restricted to what the end user can see via the SDM object layer.

As in other out-of-the-box SOAP Web Services Access Policies, enabling Allow Impersonate and specifying a Proxy Contact is necessary not only for USS, but also for Visualizer and other components.

Additional Information:

There is additional information on the CA Service Management Wiki on the pages at these links: