All API invocations happen in the security context of the signed-in user.

Agent users can do actions on the system, either independently or on behalf of a particular user. In specific situations you might need to use one of the following properties. Among agent user techniques, as a best practice you should use Impersonate. Use On Behalf Of or Bypass only on the advice of Oracle support or the Oracle integration team.

• Impersonate (in XV1ConnectionUpdateInfo):

  During the connection to the server, the impersonation sign in is recorded. The server also tracks when the impersonation ends. The audit log tracks the actions as being done by the user being impersonated; it does not track the impersonating agent for each action.

  The permissions for actions are based on the permission level of the user being impersonated.Impersonate is intended for use only in automated processes, such as for conversation object updates where you want to show that the update was made by a particular user. Keep in mind that using Impersonate can degrade analytics accuracy because it associates actions with the impersonated user.

• On Behalf Of (in XV1ConnectionUpdateInfo):

  Allows a user to do a limited number of end-user functions on behalf of another user, such as posting a message to a Conversation or uploading a document. When this privilege is used, the audit log indicates both the user who performed the action and the user on whose behalf it was performed; in clients, the action is labeled as having been performed by the user the action was performed for.

• Bypass (in XV1SocialObjectRole, XV1ConversationRole, and XV1SocialObjectRole):

  Allows the user to do any action without failing due to inadequate permissions (although a request might fail for another reason, such as not being a member of the Conversation being acted on). The Bypass privilege is intended for use only in certain automated processes in a highly secure environment.