This topic describes how to enable the environment permissions feature to restrict what users can do with environments.
By default, all engine users can list all environments and hosts and see their details. Moreover, all users are able to link dSources from and provision VDBs to any environment without requiring any permissions on environments, as long as they have appropriate permissions on the target group where the dsource or VDB will be located.
Enabling environment and permissions
To restrict non-administrator users from seeing, linking from, and provisioning to any environment, Engine Administrators can enable environment authorizations.
delphix> authorization configurationdelphix authorization configuration > lsProperties type: AuthorizationConfig environmentAndHostAuth: false Operationsupdatedelphix authorization configuration> updatedelphix authorization configuration update *> set environmentAndHostAuth=truedelphix authorization configuration update *> commit
Similarly, to go back to the default state in which all users have permission to perform those operations, the Engine Administrator must set the
environmentAndHostAuth property back to
Granting and revoking permissions on environments and hosts
When environment permissions are enabled, only Engine Administrators can list environments and hosts, see their details, or link dSources from or provision VDBs to environments.
To authorize any other user to perform such an operation on an environment or host, a Engine Administrator must create an appropriate authorization.
delphix> authorization createdelphix authorization create *> set user=someuserdelphix authorization create *> set role=PROVISIONERdelphix authorization create *> set target=SourceEnvironment:/somehost.example.com
To revoke an authorization, a Engine Administrator must delete the corresponding authorization object.
delphix> authorizationdelphix> lsREFERENCE USER ROLE TARGET AUTHORIZATION-1 sysadmin OWNER sysadminAUTHORIZATION-2 admin OWNER adminAUTHORIZATION-3 admin OWNER domain0AUTHORIZATION-4 someuser Data SourceEnvironment:/somehost.example.com delphix authorization> select `AUTHORIZATION-4delphix authorization '(USER-2, ROLE-2, UNIX_HOST_ENVIRONMENT-1)'> deletedelphix authorization '(USER-2, ROLE-2, UNIX_HOST_ENVIRONMENT-1)' delete *> commit
Permissions on Environments and Hosts