Hi Chris,
Great question! This is something that we are focused on delivering via Data Control Tower (DCT). DCT can be considered as the self-hosted management platform for Delphix much like vCenter for VMware. This means that DCT serves as the single integration point for all automation across a broad ecosystem of Delphix engines as well as a control point for administrators. A current project with DCT is to deliver a global Access Control system that will tightly govern access to all Delphix objects (dSources, VDBs, Masking Jobs, etc.) coupled with granular permissions. With this system, our plan is to provide an AD group integration so that administrators like yourself can identify hierarchical structures/attributes in your AD that you'd like to associate with groups of users in this system such that the membership of that group is tied to user designations in AD.
For example, you create an access group in DCT and assign VDBs associated with a particular application. You can then designate that applications' dev teams' AD attribute to the access group. DCT will then populate the Access Group with the appropriate set of users and will update the membership in real time based on any changes made in AD (e.g. a user moving to a different team, onboarding/offboarding, etc.). Happy to discuss this further if you're interested in a deeper conversation!
------------------------------
Ross Millenacker
Senior Product Manager
Delphix
------------------------------
Original Message:
Sent: 11-16-2022 12:26:24 PM
From: Chris Patton
Subject: Windows Active Directory Groups for User Access
Hello, for all of the self-service options for provisioned VDBs, is it possible to use Windows AD groups to grant the necessary Delphix permissions to our Developers/Programmers/Analysts? We have LDAP setup, but right now it looks like we can only use individual domain accounts, not Windows AD Groups.
------------------------------
Chris Patton
Database Adminstrator, Sr
CalOptima
------------------------------