Delphix Products

 View Only
  • 1.  Unable to connect with API session and set apiUser=true for the user (manually or Cli)

    Posted 09-29-2021 08:52:00 AM

    Hi 

    I am trying to connect an API session for application but its getting failed for a user then i tried to update the set apiUser=true for the user and it doesn not allow me  and though this error 

    in central mangement i don't see any option where i can set the apiuser set to true nor it allow me from cli?


    steps followed : 
    Error: Management of users on this engine has been locked down.
    Action: Use Central Management to manage users on this engine. If Central Management is not available, ask a
    system administrator to disconnect the Engine from Central Management.

    localhost> user
    localhost user> select foo
    localhost user 'foo'> ls
    Properties
        type: User
        name: foo
        apiUser: false
        authenticationType: NATIVE
        emailAddress: asd@asd.com
        enabled: true
        firstName: (unset)
        homePhoneNumber: (unset)
        isDefault: false
        lastName: (unset)
        locale: en-US
        mobilePhoneNumber: (unset)
        passwordUpdateRequest: FIRST_LOGIN
        principal: foo
        publicKey: (empty)
        reference: USER-3
        sessionTimeout: 30min
        userType: DOMAIN
        workPhoneNumber: (unset)

    Operations
    delete
    update
    disable
    enable
    updateCredential
    localhost user 'foo'> update
    localhost user 'foo' update *> set apiUser=true
    localhost user 'foo' update *> commmit

    Thanks 
    Himanshu



    ------------------------------
    Himanshu Sangwan
    DevOps Lead
    Ontario Teachers' Pension Plan Board
    ------------------------------


  • 2.  RE: Unable to connect with API session and set apiUser=true for the user (manually or Cli)

    Posted 09-29-2021 01:05:00 PM
    Good Afternoon Himanshu,
     how are you?  I will set up a working session with you soon so that we work on the issue.
    thanks and talk to you soon

    ------------------------------
    Jane-Glenna Anthony
    Technical Account Manager
    Delphix
    ------------------------------



  • 3.  RE: Unable to connect with API session and set apiUser=true for the user (manually or Cli)
    Best Answer

    Posted 10-06-2021 11:26:00 AM
    Hello Himanshu-

    I believe this concern is now understood, but for historical reference here I'd like to explain the findings and details in case other users come across this question.

    For Engines configured in Data Control Tower to leverage the Users + Groups feature, this feature by design moves all user management to the DCT interface.  This is mentioned on the Docs page https://docs.delphix.com/dctsaas/users-and-groups.

    Once U+G feature is enabled, the intention is that user API access is now controlled through DCT, though "legacy" API access (user/pass authentication on Engine) is maintained for those users on-engine that existed at the time of enablement.  Therefore, any users with apiUser=true will retain this setting; any new users added through DCT will have apiUser=false.

    "...users with legacy API (password-based authentication to the engine API or CLI)  access using name/password will retain this access. Future API access should be configured using API Keys. "

    Engine administrators will find that a local / legacy user can toggle the apiUser flag to false to remove the local (Engine) user/pass authentication, but it is not intended to allow users to be toggled back to true.


    ------------------------------
    Sean Nothdurft
    Senior Principal Technical Support Engineer
    Delphix
    ------------------------------