https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115335#M3243 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/152834">@Advika</a>&nbsp;Hi Advika, thanks much for your time in replying. we do the same currently. However, please note we as admins give permissions via an automatically generated notebook ((permissions come from Git and the CI/CD pipeline generates notebooks)). Therefore, our IDs are also appearing in that action results. One thing we notice for those who give permissions from the UI - the user_agent column contains the browser name like 'Mozilla * Chrome'.</P><P>If there is a fool-proof way, request you kindly please investigate and share with us. Highly appreciate as we have controls internally we have to meet. Admins are giving permissions via UI; also, there are so many limitations with current Databricks permissions model - we want developers to be schema owners but do not expect them to give permissions, and owners can give permissions at the moment. We are discussing these with Databricks RSA anyways.</P> Sat, 12 Apr 2025 21:00:24 GMT noorbasha534 2025-04-12T21:00:24Z https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115068#M3228 <P>Hi all,</P><P>I am looking to capture events of&nbsp;permissions assigned on catalog/schemas/tables/views from the workspaces UI; example, someone gave another user USE CATALOG permission from the UI.</P><P>Is it possible to capture all such events?</P><P>appreciate the mindshare</P> Wed, 09 Apr 2025 22:56:43 GMT https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115068#M3228 noorbasha534 2025-04-09T22:56:43Z https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115158#M3230 <P>Hello&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/124839">@noorbasha534</a>!</P> <P>Yes, it's possible to capture permission-related events made through the Databricks workspace UI using Unity Catalog audit logs. These logs automatically track such actions at the account level.&nbsp;To capture these events, make sure audit logging is enabled for your account and a delivery location is configured.<BR /><BR />For more details:&nbsp;<A href="https://docs.databricks.com/aws/en/data-governance/unity-catalog/audit" target="_blank">Audit Unity Catalog events</A></P> Thu, 10 Apr 2025 12:52:58 GMT https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115158#M3230 Advika 2025-04-10T12:52:58Z https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115175#M3233 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/152834">@Advika</a>&nbsp;can you kindly please let me know the action name that I should filter upon...</P> Thu, 10 Apr 2025 15:11:51 GMT https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115175#M3233 noorbasha534 2025-04-10T15:11:51Z https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115262#M3239 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/124839">@noorbasha534</a>, you can use the action_name field to filter specific types of events. For example, to track permission changes—such as grants or revokes on catalogues, schemas, tables, or views, you can filter by <STRONG>updatePermissions</STRONG>. That said, the exact action name depends on the type of event you're trying to track.</P> Fri, 11 Apr 2025 10:27:51 GMT https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115262#M3239 Advika 2025-04-11T10:27:51Z https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115335#M3243 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/152834">@Advika</a>&nbsp;Hi Advika, thanks much for your time in replying. we do the same currently. However, please note we as admins give permissions via an automatically generated notebook ((permissions come from Git and the CI/CD pipeline generates notebooks)). Therefore, our IDs are also appearing in that action results. One thing we notice for those who give permissions from the UI - the user_agent column contains the browser name like 'Mozilla * Chrome'.</P><P>If there is a fool-proof way, request you kindly please investigate and share with us. Highly appreciate as we have controls internally we have to meet. Admins are giving permissions via UI; also, there are so many limitations with current Databricks permissions model - we want developers to be schema owners but do not expect them to give permissions, and owners can give permissions at the moment. We are discussing these with Databricks RSA anyways.</P> Sat, 12 Apr 2025 21:00:24 GMT https://community.databricks.com/t5/administration-architecture/get-permissions-assignment-done-from-the-workspaces-ui/m-p/115335#M3243 noorbasha534 2025-04-12T21:00:24Z