cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Creating Groups with API and Python

Go to solution
Derek_Czarny
New Contributor III

โ€Ž10-04-2024 11:20 AM

I am working on a notebook to help me create Azure Databricks Groups.  When I create a group in a workspace using the UI, it automatically creates the group at the account level and links them.  When I create a group using the API, and I create the workspace group, it creates it as a local group to the workspace.  Using a different API, I was able to create the group at the account level.  I have not found the API so I can do the exact same thing that happens in the UI.  Any suggestions?  

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
szymon_dybczak
Esteemed Contributor III

โ€Ž10-04-2024 01:29 PM

Hi @Derek_Czarny ,

Unfortunately, there is no single endpoint that replicates what you can do in the UI. But you can achieve the same with following approach:

- create group at account level using below endpoint:

https://docs.databricks.com/api/account/accountgroups/create

- associate this group with workspace using below endpoint

https://docs.databricks.com/api/account/workspaceassignment/update

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
szymon_dybczak
Esteemed Contributor III

โ€Ž10-04-2024 01:29 PM

Hi @Derek_Czarny ,

Unfortunately, there is no single endpoint that replicates what you can do in the UI. But you can achieve the same with following approach:

- create group at account level using below endpoint:

https://docs.databricks.com/api/account/accountgroups/create

- associate this group with workspace using below endpoint

https://docs.databricks.com/api/account/workspaceassignment/update

0 Kudos

Go to solution
Derek_Czarny
New Contributor III

โ€Ž10-15-2024 07:40 AM

I am finally able to circle back to this.  I can create the account group just fine.  When I go to create the workspace group, I keep getting an error message:

Response: {"error_code":"ENDPOINT_NOT_FOUND","message":"No API found for 'POST /accounts/[REDACTED]/workspaces/[REDACTED]/permissionassignments/principals/[REDACTED]'"

 

0 Kudos

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to Derek_Czarny

โ€Ž10-15-2024 10:45 AM

Hi @Derek_Czarny ,

I guess you're using wrong http method. You should use PUT method instead POST.

0 Kudos

Go to solution
Derek_Czarny
New Contributor III

โ€Ž10-15-2024 11:20 AM

That was it, thank you.  I was looking at the wrong details.  I really appreciate it.

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to Derek_Czarny

โ€Ž10-15-2024 12:11 PM

Cool, I'm happy that it worked for you

0 Kudos

Go to solution
pranav5
New Contributor II

โ€Ž06-18-2025 08:16 AM

I have a couple of questions regarding the Token to achieve this, If I create a workspace PAT token, is it limited to only the workspace or all the workspaces I have access to. And Do my account admin privileges translated to the PAT token I create in the workspace?

Also how to create an account level access token?

0 Kudos

Go to solution
jameshughes
Contributor II
In response to pranav5

โ€Ž06-18-2025 09:17 AM

@pranav5 - Workspace tokens are scoped to the workspace it was created for.  A workspace token for "dev" cannot be used in a different workspace and a new token is required for each one.  Depending on how you have user identities setup, account level tokens can either be generated in the Account portal or if integrated in something like Entra Id (via SCIM), you generate tokens from the authentication provider.

0 Kudos

Go to solution
pranav5
New Contributor II
In response to jameshughes

โ€Ž06-19-2025 01:22 AM

Thanks for this, But I have account admin access and would my workspace token also inherit that or workspace and account admin are segregated meaning, I can't use my account admin privileges at the workspace level, account admin privileges can only affect at the account side?

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements