Is it possible revoke a role (data, read, owner) from a user using dxtoolkit?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I need to revoke roles (data, read, owner) from many users. is it possible to do using dxtoolkit?
Photo of dbarkin

dbarkin

  • 260 Points 250 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Mouhssine SAIDI

Mouhssine SAIDI

  • 5,846 Points 5k badge 2x thumb
Hi dbarkîn,

I believe that it's possible using the dx_ctl_user script, I never tested it my self but reading the script points out it.

Add user to one engine using users file and profile file
dx_ctl_users -d Landshark5 -file /tmp/users.csv -profile /tmp/profile.csv
User sysadmin exist. Skipping
User delphix_admin exist. Skipping
User dev_admin exist. Skipping
User qa_admin created.
User dev exist. Skipping
User qa exist. Skipping
Role OWNER for target Dev Copies set for dev_admin
Role PROVISIONER for target Sources set for dev_admin
Role PROVISIONER for target Dev Copies set for qa_admin
Role OWNER for target QA Copies set for qa_admin
Example csv user file:
# operation,username,first_name,last_name,email address,work_phone,home_phone,cell_phone,type(NATIVE|LDAP),principal_credential,password,admin_priv,js_user
# comment - create a new user with Delphix authentication
C,testuser,Test,User,test.user@test.mail.com,,555-222-222,,NATIVE,,password,Y
# comment - create a new user with LDAP
C,testuser2,Test,User2,test.user@test.mail.com,555-111-111,555-222-222,555-333- 333,LDAP,"testuser@test.domain.com",,Y
# update existing user - non-empty values will be updated, password can't be modified in this version
U,user11,FirstName,LastName,newemail@test.com,,,,,,, U,testuser,Test,User,test.user@test.com,,555-222-333,,NATIVE,,password,Y
# delete user
D,testuser2,,,,,,,,,,
Example csv profile file:
#Username,Type,Name,Role
testusr,group,Break Fix,AUDITOR
testusr,group,QA Copies,AUDITOR
testusr,group,Sources,AUDITOR
testusr,databases,ASE pubs3 DB,OWNER
testusr,databases,AdventureWorksLT2008R2,AUDITOR
testusr,databases,Agile Masking,AUDITOR
testusr,databases,Employee Oracle DB,OWNER

You have to define things throw vdb files.

Regards,

Mouhssine
Photo of dbarkin

dbarkin

  • 260 Points 250 badge 2x thumb
Hi Mouhssine,


thank you for information.
I've tried dx_ctl_users however with mixed success. 
The command is able to create, add new profiles, but doesn't do removal of privileges.

Thanks,
Dmitri
(Edited)
Photo of Mouhssine SAIDI

Mouhssine SAIDI

  • 5,846 Points 5k badge 2x thumb
Hi Dmitri,

Thanks for feedback.

You can ask for enhancing the tool to add a such capability.

Regards,

Mouhssine
Photo of dbarkin

dbarkin

  • 260 Points 250 badge 2x thumb
Hi Mouhssine,

thanks for update.
Marcin already opened request.

Regards,
Dmitri
Photo of fMarcin Przepiorowski

fMarcin Przepiorowski, Employee

  • 1,070 Points 1k badge 2x thumb
Official Response
Hi Dmitri,

Editing roles via dx_ctl_user is not possible now. Profile file is used only to create a new users.
I will add your request to pipeline and open a issue on github.

regards,
Marcin