Delphix Toolkit (dxToolkit)

Expand all | Collapse all

Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

Jump to Best Answer
  • 1.  Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

    Posted 02-15-2017 06:35:00 PM
    I need to revoke roles (data, read, owner) from many users. is it possible to do using dxtoolkit?
    #dxToolkit


  • 2.  RE: Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

    Posted 02-15-2017 07:21:00 PM
    Hi dbarkîn, I believe that it's possible using the dx_ctl_user script, I never tested it my self but reading the script points out it. Add user to one engine using users file and profile file dx_ctl_users -d Landshark5 -file /tmp/users.csv -profile /tmp/profile.csv User sysadmin exist. Skipping User delphix_admin exist. Skipping User dev_admin exist. Skipping User qa_admin created. User dev exist. Skipping User qa exist. Skipping Role OWNER for target Dev Copies set for dev_admin Role PROVISIONER for target Sources set for dev_admin Role PROVISIONER for target Dev Copies set for qa_admin Role OWNER for target QA Copies set for qa_admin Example csv user file: # operation,username,first_name,last_name,email address,work_phone,home_phone,cell_phone,type(NATIVE|LDAP),principal_credential,password,admin_priv,js_user # comment - create a new user with Delphix authentication C,testuser,Test,User,test.user@test.mail.com,,555-222-222,,NATIVE,,password,Y # comment - create a new user with LDAP C,testuser2,Test,User2,test.user@test.mail.com,555-111-111,555-222-222,555-333- 333,LDAP,"testuser@test.domain.com",,Y # update existing user - non-empty values will be updated, password can't be modified in this version U,user11,FirstName,LastName,newemail@test.com,,,,,,, U,testuser,Test,User,test.user@test.com,,555-222-333,,NATIVE,,password,Y # delete user D,testuser2,,,,,,,,,, Example csv profile file: #Username,Type,Name,Role testusr,group,Break Fix,AUDITOR testusr,group,QA Copies,AUDITOR testusr,group,Sources,AUDITOR testusr,databases,ASE pubs3 DB,OWNER testusr,databases,AdventureWorksLT2008R2,AUDITOR testusr,databases,Agile Masking,AUDITOR testusr,databases,Employee Oracle DB,OWNER You have to define things throw vdb files. Regards, Mouhssine


  • 3.  RE: Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

    Posted 02-15-2017 07:52:00 PM
    Hi Mouhssine,


    thank you for information.
    I've tried dx_ctl_users however with mixed success. 
    The command is able to create, add new profiles, but doesn't do removal of privileges.

    Thanks,
    Dmitri


  • 4.  RE: Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

    Posted 02-16-2017 05:48:00 AM
    Hi Dmitri, Thanks for feedback. You can ask for enhancing the tool to add a such capability. Regards, Mouhssine


  • 5.  RE: Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?
    Best Answer

    Posted 02-16-2017 07:19:00 AM
    Hi Dmitri,

    Editing roles via dx_ctl_user is not possible now. Profile file is used only to create a new users.
    I will add your request to pipeline and open a issue on github.

    regards,
    Marcin



  • 6.  RE: Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

    Posted 02-16-2017 01:29:00 PM
    Hi Mouhssine,

    thanks for update.
    Marcin already opened request.

    Regards,
    Dmitri