Granting Non-Admin Users Access to Sources and VDBs in a Replicated Namespace (KBA8176)
KBA
KBA# 8176Applicable Delphix Versions
- Click here to view the versions of the Delphix engine to which this article applies
-
Major Release All Sub Releases 6.0 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1
How to grant provisioning privileges on replicated objects
One of the features of Replication is to be able to provision VDBs from replicated dSources and VDBs. By default, only an 'admin' user, or a user defined with admin privileges can access the objects in the replication namespace (replica). A non-admin user will not be able to see the replicated namespace itself nor any of the objects in that namespace. This document will show how to provide authorizations for a non-admin user to access the objects in the replication namespace for the purposes of provisioning.
The steps to be able to do so are also listed in the documentation, Provisioning from Replicated Data Sources or VDBs
- As an admin user , to view the groups, dSources and VDBs that are in a replicated namespace, navigate to the Datasets page, and click on the list of values icon next to the namespace “Default” :
Clicking on the icon provides a list of the replicated Namespaces:
Clicking on the replication namespace or replica, in this example md6081.prim.dcol2-3, will list the objects that were included in that replica:
Click on Expand All to see the full list of groups, dsources and VDBs. You see the objects from which you can provision. Being able to provision from that dsource or vdb is confirmed by the availability of the Provision icon on a selected snapshot.
- The admin user can grant privileges on the replica objects to non-admin users as follows:
- Navigate to the Users page (Manage > Users). Add a user or edit an existing user.
- Click Next to navigate to the Privileges section. The 'Default' namespace will be the default shown as below.
- Click on the icon to see a list of available namespaces, including the replicas.
- Select the required replica or desired namespace. Click Expand All to see all the objects in that namespace, as per the example below.
- Grant the required role to the user for a group or if needed, only on specific objects within that group. A description of assignable roles are given under Roles and Privileges for Delphix Objects.
- As an example, we granted the Provisioner role for object groups on 2 replicated namespace/replicas to a new user named
local2
.
When user 'localU2' connects to the Delphix Engine, and navigates to the Datasets page, it would seem that he/she has no privileges or access to any replicated objects.
However, the user can switch from the Default namespace, to an available namespace from the dropdown list (by clicking on the icon).
The user can switch to any of the granted namespaces and see the objects to which he/she has ‘provisioning’ privilege.
Related Articles
The following articles may provide more information or related information to this article:
Provisioning from Replicated Data Sources and VDBs