cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
cancel
Showing results for 
Search instead for 
Did you mean: 

list users having access to scope credentials

Braxx
Contributor II

Hello!

How do I list all the users or groups having access to the key-vault backed scope credentials?

Let's say, I have a scope called MyScope for which all the secrets are stored in MyKeyVault.

I would like to see what users have access there and ideally their permission level.

TIA

1 ACCEPTED SOLUTION

Accepted Solutions

Hubert-Dudek
Esteemed Contributor III

@Bartosz Wachocki​ , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

View solution in original post

2 REPLIES 2

Hubert-Dudek
Esteemed Contributor III

@Bartosz Wachocki​ , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

Kaniz
Community Manager
Community Manager

Hi @Bartosz Wachocki​ , Just a friendly follow-up. Does @Hubert Dudek​ 's answer resolve your query?

Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.