If you want to create non-Admin users in Delphix that shall be able to perform operations on specific VDBs like rewind or refresh, you may struggle to find the right combination of privileges that must be set. Therefore I'd like to share my findings.
With just Object Owner privileges on a VDB you can do:
- Make a snapshot of the VDB
- Provision a physical DB from this VDB (V2P)
But you cannot rewind nor refresh the VDB.
You must have Group Owner privilege on the group that includes the VDB in order to be able to rewind the VDB to any point in time. This automatically gives you the same privileges to all VDBs in that group, so organize your VDBs in groups wisely.
Now you can rewind the VDB but you still can't refresh the VDB - unless its dSource is also included in the group which would give you automatically Object Owner privilege on the dSource, too. If the dSource is not contained in the same group you simply need to have added Object Owner privilege on the dSource object, no matter in which group it's contained. You don't need Group Owner privilege on the group of the dSource, just the dSource object itself.
With the Owner privilege on the dSource object and the Group Owner privilege on the group of your VDB you can now refresh the VDB.
Hope this helps.
#Tip