Databricks Community

takak · 9 hours ago

Hi!

I'd like to restrict some users' permissions using REST API and got an issue while trying to update a permission on 'directories'.

I'm trying to set a user's permission on their default username folder in the workspace to 'can edit' so that they cannot create a new notebook until further approval. This works fine on UI, but if I try with API I get the following error.

{'error_code': 'INVALID_PARAMETER_VALUE', 'message': "Cannot downgrade xxx@abc.com's CAN_MANAGE permission on xxxxxxxxxx"}

Is there any way to make this work programmaticaly?

Alberto_Umana · 7 hours ago

Hi @takak,

Greetings from Databricks!

What is the REST API you are making the call to?

Looks like this might not be supported programmatically, but will try to test it internally. it appears that the CAN_MANAGE permission is a higher-level permission that cannot be downgraded programmatically through the API. This restriction is likely in place to prevent accidental loss of critical management permissions.

Databricks Community

Cannot downgrade workspace object permissions using API

Connect with Databricks Users in Your Area

What’s New With Databricks Assistant?

Databricks Community Champion - October 2024 - Filip Niziol

Become Our Next Monthly Community Champion!

Introducing Simple, Fast, and Scalable Batch LLM Inference on Mosaic AI Model Serving

Databricks Migration Strategy: Lessons Learned