https://community.databricks.com/t5/administration-architecture/how-to-query-all-the-users-who-have-access-to-a-databricks/m-p/113055#M3151 <P>Hi There,</P><P>I'm new to Databricks and we currently have a lot of users among different groups having access to a databricks workspace. I would like to know how I could query the users, groups and Entitlements of each groups using SQL or the API. Incase of API, I could use some help to point me towards how to use the API.</P><P>Thanks in advance!!!</P> Wed, 19 Mar 2025 14:46:57 GMT pranav_ 2025-03-19T14:46:57Z https://community.databricks.com/t5/administration-architecture/how-to-query-all-the-users-who-have-access-to-a-databricks/m-p/113055#M3151 <P>Hi There,</P><P>I'm new to Databricks and we currently have a lot of users among different groups having access to a databricks workspace. I would like to know how I could query the users, groups and Entitlements of each groups using SQL or the API. Incase of API, I could use some help to point me towards how to use the API.</P><P>Thanks in advance!!!</P> Wed, 19 Mar 2025 14:46:57 GMT https://community.databricks.com/t5/administration-architecture/how-to-query-all-the-users-who-have-access-to-a-databricks/m-p/113055#M3151 pranav_ 2025-03-19T14:46:57Z https://community.databricks.com/t5/administration-architecture/how-to-query-all-the-users-who-have-access-to-a-databricks/m-p/113062#M3153 <P class="">To query all users who have access to a Databricks workspace, you can follow these steps:</P><H2>1.<SPAN>&nbsp;</SPAN><STRONG>Check Workspace Users via Admin Console</STRONG></H2><UL class=""><LI><P class="">If you are a workspace admin, navigate to the<SPAN>&nbsp;</SPAN><STRONG>Admin Console</STRONG><SPAN>&nbsp;</SPAN>in the Databricks UI. Under the "Users" tab, you can view all users who have been added to the workspace and their roles (e.g., workspace admin, user, or service principal).</P></LI></UL><H2>2.<SPAN>&nbsp;</SPAN><STRONG>Query Unity Catalog for Access Information</STRONG></H2><UL class=""><LI><P class="">If your workspace is enabled for Unity Catalog, you can use SQL queries to check access privileges for users. For example:</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV></DIV><DIV class=""><DIV><DIV class="">sql</DIV></DIV><DIV class=""><SPAN><SPAN class="">SELECT</SPAN> <SPAN class="">*</SPAN> <SPAN class="">FROM</SPAN> information_schema<SPAN class="">.</SPAN>role_authorizations <SPAN class="">WHERE</SPAN> principal_type <SPAN class="">=</SPAN> <SPAN class="">'USER'</SPAN><SPAN class="">;</SPAN> </SPAN></DIV></DIV></DIV></DIV><P class="">This query retrieves all users and their associated roles in Unity Catalog<SPAN class="">.</SPAN></P></LI></UL><H2>3.<SPAN>&nbsp;</SPAN><STRONG>List Users via SCIM API</STRONG></H2><UL class=""><LI><P class="">Use the Databricks SCIM API to programmatically retrieve a list of users in the workspace. For example:</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV></DIV><DIV><DIV><DIV>bash</DIV></DIV><DIV>curl -X GET \ -H "Authorization: Bearer &lt;your-access-token&gt;" \ https://&lt;databricks-instance&gt;/api/2.0/preview/scim/v2/Users</DIV></DIV></DIV></DIV><P class="">This will return a JSON object containing user details, including their roles and group memberships<SPAN class="">.</SPAN></P></LI></UL><H2>4.<SPAN>&nbsp;</SPAN><STRONG>Check Default Privileges in Unity Catalog</STRONG></H2><UL class=""><LI><P class="">By default, all workspace users receive certain privileges (e.g.,<SPAN>&nbsp;</SPAN>USE CATALOG) on the default schema of the Unity Catalog metastore. You can query these privileges using:</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV></DIV><DIV class=""><DIV><DIV class="">sql</DIV></DIV><DIV class=""><SPAN><SPAN class="">SHOW</SPAN> GRANTS <SPAN class="">ON</SPAN> CATALOG <SPAN class="">default</SPAN><SPAN class="">;</SPAN> </SPAN></DIV></DIV></DIV></DIV><P class="">This will display all users and groups with access to the default catalog<SPAN class="">.</SPAN></P></LI></UL><H2>5.<SPAN>&nbsp;</SPAN><STRONG>Audit Logs for User Activity</STRONG></H2><UL class=""><LI><P class="">If you need to verify which users have accessed specific data or performed actions in the workspace, enable and review audit logs. These logs can provide detailed insights into user activities across the workspace<A class="" href="https://docs.databricks.com/aws/en/data-governance/unity-catalog/enable-workspaces" target="_blank" rel="nofollow noopener"><SPAN class=""><SPAN class="">3</SPAN></SPAN></A><SPAN class=""><A class="" href="https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/get-started" target="_blank" rel="nofollow noopener"><SPAN class=""><SPAN class="">7</SPAN></SPAN></A>.</SPAN></P></LI></UL><P class="">By combining these methods, you can comprehensively identify all users who have access to your Databricks workspace and their respective roles or privileges.</P><P class="">Here are some additional resources/documentation that might be helpful:</P><UL><LI><A href="https://docs.databricks.com/aws/en/admin/users-groups/users" target="_blank" rel="noopener">https://docs.databricks.com/aws/en/admin/users-groups/users</A></LI><LI><A href="https://docs.databricks.com/aws/en/data-governance/unity-catalog/manage-privileges/privileges" target="_blank" rel="noopener">https://docs.databricks.com/aws/en/data-governance/unity-catalog/manage-privileges/privileges</A></LI><LI><A href="https://docs.databricks.com/api/workspace/users/list" target="_blank" rel="noopener">https://docs.databricks.com/api/workspace/users/list</A></LI></UL> Wed, 19 Mar 2025 16:02:18 GMT https://community.databricks.com/t5/administration-architecture/how-to-query-all-the-users-who-have-access-to-a-databricks/m-p/113062#M3153 tejaskelkar 2025-03-19T16:02:18Z