Skip to main content
Delphix

Granting Non-Admin Users Access to Sources and VDBs in a Replicated Namespace (KBA8176)

 

KBA

KBA# 8176

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases
6.0

6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1

How to grant provisioning privileges on replicated objects

One of the features of Replication is to be able to provision VDBs from replicated dSources and VDBs.  By default, only an 'admin' user, or a user defined with admin privileges can access the objects in the replication namespace (replica). A non-admin user will not be able to see the replicated namespace itself nor any of the objects in that namespace. This document will show how to provide authorizations for a non-admin user to access the objects in the replication namespace for the purposes of provisioning.

The steps to be able to do so are also listed in the  documentation, Provisioning from Replicated Data Sources or VDBs

 

  1. As an admin user , to view the groups, dSources and VDBs that are in a replicated namespace, navigate to the Datasets page, and click on the list of values icon clipboard_e953460d04dd46319e0fa7136c29a20df.png next to the namespace “Default” :
    clipboard_ef6f42c31db5061baee9d843d65507209.png
    Clicking on the icon provides a list of the replicated Namespaces:
    clipboard_e73c2986de02ede3dd7dd222c4d2ffc36.png
    Clicking on the replication namespace or replica, in this example md6081.prim.dcol2-3, will list the objects that were included in that replica:
    Screenshot 2021-10-08 at 15.18.00.png
    Click on Expand All to see the full list of groups, dsources and VDBs. You see the objects from which you can provision. Being able to provision from that dsource or vdb is confirmed by the availability of the Provision icon on a selected snapshot.
    Screenshot 2021-10-08 at 15.25.14.png
     
  2. The admin user can grant privileges on the replica objects to non-admin users as follows:
    1. Navigate to the Users page (Manage > Users). Add a user or edit an existing user.
    2. Click Next to navigate to the Privileges section. The 'Default' namespace will be the default shown as below.
      Screenshot 2021-10-06 at 18.07.29.png
    3. Click on the icon Screenshot 2021-10-06 at 18.08.27.png to see a list of available namespaces, including the replicas.
      clipboard_eff607f035021504ca2323faa93ec0a17.png
    4. Select the required replica or desired namespace. Click Expand All to see all the objects in that namespace, as per the example below.
      Screenshot 2021-10-08 at 15.36.28.png
    5. Grant the required role to the user for a group or if needed, only on specific objects within that group.  A description of assignable roles are given under Roles and Privileges for Delphix Objects.
      Screenshot 2021-10-08 at 15.37.40.png
  3. As an example, we granted the Provisioner role for object groups on 2 replicated namespace/replicas to a new user named local2.
    When user 'localU2' connects to the Delphix Engine, and navigates to the Datasets page, it would seem that he/she has no privileges or access to any replicated objects.
    Screenshot 2021-10-08 at 15.53.26.png

    However, the user can switch from the Default namespace, to an available namespace  from the dropdown list (by clicking on the iconScreenshot 2021-10-06 at 18.08.27.png).
    Screenshot 2021-10-08 at 16.02.20.png

    The user can switch to any of the granted namespaces and see the objects to which he/she has ‘provisioning’ privilege.
    Screenshot 2021-10-08 at 16.06.17.png

 

Related Articles

The following articles may provide more information or related information to this article:

Provisioning from Replicated Data Sources and VDBs

Users and Groups