list users having access to scope credentials

Braxx — Wed, 06 Apr 2022 10:17:00 GMT

Hello!

How do I list all the users or groups having access to the key-vault backed scope credentials?

Let's say, I have a scope called MyScope for which all the secrets are stored in MyKeyVault.

I would like to see what users have access there and ideally their permission level.

TIA

Re: list users having access to scope credentials

Hubert-Dudek — Wed, 06 Apr 2022 13:38:45 GMT

@Bartosz Wachocki , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

topic list users having access to scope credentials in Data Engineering

list users having access to scope credentials

Re: list users having access to scope credentials