โ11-11-2024 12:42 PM
I'm trying to do something seemingly very simple - disable someone's user account.
I don't even want to delete the user, just disable it for the time being.
How do I go about doing that?
โ11-11-2024 09:49 PM
Hello Aaron
You can disable the user account in the directory of your cloud provider. For example, if you are using Azure Databricks, then you will manage the users via Azure Entra. Then you can simply deactivate the user account in Entra, for example, by unchecking the โAccount enabledโ button.
If you want the user to remain active in the cloud after all and just not be allowed to access Databricks Workspace, you can remove them from the workspace.
The user is not deleted in Entra, but merely removed from the workspace. It can still be found in the account.
โ11-13-2024 07:25 AM
Ah, thanks for the reply Stefan! I should have clarified that I'm using Databricks via the AWS Marketplace.
The issue I'm encountering when I'm trying to remove someone, is that it will say "User assigned through a group cannot be deleted". However, when I go and try to remove the person from the group, I encounter this error:
PERMISSION_DENIED: Requesting user does not have permission to edit system groups.
However, I'm an admin on both the account and workspace.
Let me know! Thanks!
โโ
โ11-13-2024 08:58 AM
Aaron
Is the user in another group as well? You may first remove him from that group, if it is so?
โ11-13-2024 12:45 PM - edited โ11-13-2024 12:45 PM
Looks like you have users added via the system group 'account users' to the workspace. This is a system group and cannot be edited. You may make the user inactive at the workspace level using `Users` Patch API as shown below. You may get the userId from the user details page URL (for eg : 123 being the user Id from user details page : https://abc.cloud.databricks.com/settings/workspace/identity-and-access/users/123?o=456)
```
curl --request PATCH '{{workspaceUrl}}/api/2.0/preview/scim/v2/Users/<UserId>' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: <Token>' \
--data '{
"schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
"Operations": [ {
"op": "replace",
"path": "active",
"value": [ { "value": "false" } ]
} ]
}'
โ11-14-2024 07:55 AM
Thanks! I'll try this out and report back!
โ11-15-2024 08:49 AM
Hello! I tried this call. I hid the sensitive information with "HIDDEN" in the example:
curl --request PATCH 'https://HIDDEN.cloud.databricks.com/api/2.0/preview/scim/v2/Users/HIDDEN' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: HIDDEN' \
--data '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [{
"op": "replace",
"path": "active",
"value": false
}]
}'
But I'm getting this error for some reason:
SyntaxError: unterminated string literal (detected at line 5) (command-194238644311154-3846552969, line 5)
Any help is much appreciated!
3 weeks ago
It looks like you might have run it as non-shell command. I can see the same error with the curl command being executed as a python command. Can you try executing it as a shell command by using %sh
magic command
%sh
curl --request PATCH 'https://HIDDEN.cloud.databricks.com/api/2.0/preview/scim/v2/Users/HIDDEN' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: HIDDEN' \
--data '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [{
"op": "replace",
"path": "active",
"value": false
}]
}'
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโt want to miss the chance to attend and share knowledge.
If there isnโt a group near you, start one and help create a community that brings people together.
Request a New Group