How to Apply OIVIC EWS Required Permissions
Request SG and OSP
EWS contains DEV, PPE and Prod environments.
DEV environment can be access with your MSIT account, and to get permission to the resource, you need to join the SG EuclidOivicAdmin in idweb.
PPE and Prod environments requires Torus account and JIT elevation.
Go to OSP to search and request the following eligibilities according to your needs.
oivic: To read and trigger ADF pipelines in PPE and Prod.
EuclidWSTeam: To edit ADF pipelines in PPE and Prod.
EWS Environments
| Name | Subscription Id | Resource Group | Elevation Required |
|---|---|---|---|
| ODIN DEV | 9ce40ff0-cb61-4fd0-8a84-63a847f44520 | rg-wqjdcihnbcbrm | N |
| OIVIC PPE NAM | 4622f018-2e49-490f-b462-1b990f549058 | o365ccoivicppenam | Y |
| OIVIC PROD NAM | 4622f018-2e49-490f-b462-1b990f549058 | o365ccoivicprodnam | Y |
| OIVIC PPE EUR | 4622f018-2e49-490f-b462-1b990f549058 | o365ccoivicppeeur | Y |
| OIVIC PROD EUR | 4622f018-2e49-490f-b462-1b990f549058 | o365ccoivicprodeur | Y |
Elevation to Reader, Operator, and Contributor roles for EWS PPE & Prod Access
Read only (can also run pipelines)
Approval: Auto
Eligibility: oivic
Set-MyTeam oivic
Request-AzureAdGroupRoleElevation -GroupName oivic-JIT-M365DataEngineerDebugger -Reason checkADF -Duration 6
Run pipelines
Approval: Requires manual approval from member of oivic approvers
Eligibility: oivic
Set-MyTeam oivic
Request-AzureAdGroupRoleElevation -GroupName oivic-JIT-M365DataEngineerOperator -Reason checkADF -Duration 6
Change settings
Approval: requires manual approval from member of EuclidWSTeam
Eligibility: EuclidWSTeam
Request-AzureActiveDirectoryElevation.ps1 -GroupName SIPlatformTeam-08f03218-5da5-48f5-a4b8-23abfb8ad13e-Contributor