cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No Explicit Deny for User security configurations at the group level?

Go to solution
Chris_Shehu
Valued Contributor III

‎03-22-2023 03:20 PM

Currently when you add new users to the Databricks workspace they get added to a "Users" group that has full access to the workspace. There should be a way to use group security to explicitly deny access to those same settings. This setting should override the default allow access.

imageimage 

image 

I also noticed the Parent User Groups are empty inside the groups? Is this maybe something we should be using that we're not?

Preview file
12 KB
Preview file
7 KB
Preview file
9 KB
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Anonymous
Not applicable

‎03-24-2023 10:35 AM

@Christopher Shehu​ If you don't want the "Users" group is enabled with "Workspace access" and "Databricks SQL access" entitlements, you disable all entitlements. Create separate groups based on your use case and enable the required entitlements.

Regarding parent user groups, a group can be a member(child) of another group(s). As per the screenshot, subgroup is a child of john_test_group and maingroup (parent groups). Hope this helps.

image

View solution in original post

4 REPLIES 4

Go to solution
Anonymous
Not applicable

‎03-24-2023 10:35 AM

@Christopher Shehu​ If you don't want the "Users" group is enabled with "Workspace access" and "Databricks SQL access" entitlements, you disable all entitlements. Create separate groups based on your use case and enable the required entitlements.

Regarding parent user groups, a group can be a member(child) of another group(s). As per the screenshot, subgroup is a child of john_test_group and maingroup (parent groups). Hope this helps.

image

Go to solution
Anonymous
Not applicable

‎03-26-2023 10:01 PM

Hi @Christopher Shehu​ 

Thank you for posting your question in our community! We are happy to assist you.

To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?

This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance! 

0 Kudos

Go to solution
deanjames
New Contributor II

‎03-28-2023 01:10 AM

Yes, there should be a way to use group security to explicitly deny access to the workspace settings for new users added to the "Users" group. This setting should override the default allow access. UMR Provider Portal Login

Go to solution
Anonymous
Not applicable

‎03-28-2023 03:14 AM

@dean james​ I am not sure about your case why you want to deny access to the group once you create it. Anyhow, we can use deacticate/activate an user using "2.0/preview/scim/v2/Users/{id}" rest API endpoint. We can also deactivate users that have not logged in for a customizable period. Hope this helps

https://docs.databricks.com/dev-tools/api/latest/scim/scim-users.html#activate-and-deactivate-user-b...

https://docs.databricks.com/dev-tools/api/latest/scim/scim-users.html#automatically-deactivate-users

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.