CLI cookbooks: enabling and configuring environment permissions
This topic describes how to enable the environment permissions feature to restrict what users can do with environments.
By default, all engine users can list all environments and hosts and see their details. Moreover, all users are able to link dSources from and provision VDBs to any environment without requiring any permissions on environments, as long as they have appropriate permissions on the target group where the dSource or VDB will be located.
Enabling environment permissions
To restrict non-administrator users from seeing, linking from, and provisioning to any environment, Engine Administrators can enable environment authorizations.
```
delphix> authorization configuration
delphix authorization configuration> ls
Properties
    type: AuthorizationConfig
    environmentAndHostAuth: false

Operations
update
delphix authorization configuration> update
delphix authorization configuration update *> set environmentAndHostAuth=true
delphix authorization configuration update *> commit
```
Similarly, to go back to the default state in which all users have permission to perform those operations, the Engine Administrator must set the `environmentAndHostAuth` property back to `false`.
Granting and revoking permissions on environments and hosts
When environment permissions are enabled, only Engine Administrators can list environments and hosts, see their details, or link dSources from or provision VDBs to environments.
To authorize any other user to perform such an operation on an environment or host, an Engine Administrator must create an appropriate authorization.
```
delphix> authorization create
delphix authorization create *> set user=someuser
delphix authorization create *> set role=PROVISIONER
delphix authorization create *> set target=SourceEnvironment:/somehost.example.com
delphix authorization create *> commit
```
To revoke an authorization, an Engine Administrator must delete the corresponding authorization object.
```
delphix> authorization
delphix authorization> ls
REFERENCE        USER      ROLE   TARGET
AUTHORIZATION-1  sysadmin  OWNER  sysadmin
AUTHORIZATION-2  admin     OWNER  admin
AUTHORIZATION-3  admin     OWNER  domain0
AUTHORIZATION-4  someuser  Data   SourceEnvironment:/somehost.example.com
delphix authorization> select AUTHORIZATION-4
delphix authorization '(USER-2, ROLE-2, UNIX_HOST_ENVIRONMENT-1)'> delete
delphix authorization '(USER-2, ROLE-2, UNIX_HOST_ENVIRONMENT-1)' delete *> commit
```
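Once environment permissions are enabled, the authorization listing is the record of who can reach each environment, so it is worth reviewing before and after granting or revoking. The following is an added example (not Delphix code and not part of the original page) that parses a saved `ls` listing and reports environment grants held by users outside an approved set. It assumes the listing is fixed-width with each column starting under its header; the sample listing, the `otheruser` account and the function names are constructed for illustration.

```python
import re

ENV_PREFIX = "SourceEnvironment:"  # target prefix as it appears on this page

# Constructed sample listing, modelled on the `ls` output shown above.
SAMPLE = """\
REFERENCE        USER      ROLE           TARGET
AUTHORIZATION-1  sysadmin  OWNER          sysadmin
AUTHORIZATION-2  admin     OWNER          admin
AUTHORIZATION-3  admin     OWNER          domain0
AUTHORIZATION-4  someuser  PROVISIONER    SourceEnvironment:/somehost.example.com
AUTHORIZATION-5  otheruser Data Operator  SourceEnvironment:/somehost.example.com
"""


def parse_listing(text):
    """Slice each row at the header's column offsets (assumed fixed-width),
    so multi-word roles such as 'Data Operator' stay in one field."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    cols = [(m.group().lower(), m.start()) for m in re.finditer(r"\S+", lines[0])]
    ends = [start for _, start in cols[1:]] + [None]
    rows = []
    for ln in lines[1:]:
        if ln.startswith("delphix"):  # skip CLI prompts captured with the listing
            continue
        rows.append({name: ln[start:end].strip()
                     for (name, start), end in zip(cols, ends)})
    return rows


def environment_grants(rows, approved=()):
    """Return {user: [(role, target), ...]} for authorizations on environment
    targets held by users who are not in `approved`."""
    findings = {}
    for row in rows:
        if row["target"].startswith(ENV_PREFIX) and row["user"] not in approved:
            findings.setdefault(row["user"], []).append((row["role"], row["target"]))
    return findings


if __name__ == "__main__":
    for user, grants in environment_grants(parse_listing(SAMPLE), {"someuser"}).items():
        for role, target in grants:
            print(f"unexpected grant: {user} holds {role} on {target}")
```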
Permissions on Environments and Hosts
Role | Environment privileges | Host privileges |
---|---|---|
Owner | | |
Provisioner | | |
Data Operator | | |
Reader | | |
Self-Service Only | | |