cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Creating Groups with API and Python

Derek_Czarny
New Contributor III

I am working on a notebook to help me create Azure Databricks Groups.  When I create a group in a workspace using the UI, it automatically creates the group at the account level and links them.  When I create a group using the API, and I create the workspace group, it creates it as a local group to the workspace.  Using a different API, I was able to create the group at the account level.  I have not found the API so I can do the exact same thing that happens in the UI.  Any suggestions?  

1 ACCEPTED SOLUTION

Accepted Solutions

szymon_dybczak
Esteemed Contributor III

Hi @Derek_Czarny ,

Unfortunately, there is no single endpoint that replicates what you can do in the UI. But you can achieve the same with following approach:

- create group at account level using below endpoint:

https://docs.databricks.com/api/account/accountgroups/create

- associate this group with workspace using below endpoint

https://docs.databricks.com/api/account/workspaceassignment/update

View solution in original post

8 REPLIES 8

szymon_dybczak
Esteemed Contributor III

Hi @Derek_Czarny ,

Unfortunately, there is no single endpoint that replicates what you can do in the UI. But you can achieve the same with following approach:

- create group at account level using below endpoint:

https://docs.databricks.com/api/account/accountgroups/create

- associate this group with workspace using below endpoint

https://docs.databricks.com/api/account/workspaceassignment/update

Derek_Czarny
New Contributor III

I am finally able to circle back to this.  I can create the account group just fine.  When I go to create the workspace group, I keep getting an error message:

Response: {"error_code":"ENDPOINT_NOT_FOUND","message":"No API found for 'POST /accounts/[REDACTED]/workspaces/[REDACTED]/permissionassignments/principals/[REDACTED]'"

 

szymon_dybczak
Esteemed Contributor III

Hi @Derek_Czarny ,

I guess you're using wrong http method. You should use PUT method instead POST.

Derek_Czarny
New Contributor III

That was it, thank you.  I was looking at the wrong details.  I really appreciate it.

szymon_dybczak
Esteemed Contributor III

Cool, I'm happy that it worked for you

pranav5
New Contributor II

I have a couple of questions regarding the Token to achieve this, If I create a workspace PAT token, is it limited to only the workspace or all the workspaces I have access to. And Do my account admin privileges translated to the PAT token I create in the workspace?

Also how to create an account level access token?

@pranav5 - Workspace tokens are scoped to the workspace it was created for.  A workspace token for "dev" cannot be used in a different workspace and a new token is required for each one.  Depending on how you have user identities setup, account level tokens can either be generated in the Account portal or if integrated in something like Entra Id (via SCIM), you generate tokens from the authentication provider.

pranav5
New Contributor II

Thanks for this, But I have account admin access and would my workspace token also inherit that or workspace and account admin are segregated meaning, I can't use my account admin privileges at the workspace level, account admin privileges can only affect at the account side?