cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

How do I simply disable someone's user account

Aaron_Wong
New Contributor II

I'm trying to do something seemingly very simple - disable someone's user account. 

I don't even want to delete the user, just disable it for the time being. 

How do I go about doing that? 

7 REPLIES 7

Stefan-Koch
Contributor III

Hello Aaron

You can disable the user account in the directory of your cloud provider. For example, if you are using Azure Databricks, then you will manage the users via Azure Entra. Then you can simply deactivate the user account in Entra, for example, by unchecking the โ€œAccount enabledโ€ button.

StefanKoch_0-1731389954406.png

If you want the user to remain active in the cloud after all and just not be allowed to access Databricks Workspace, you can remove them from the workspace.

StefanKoch_1-1731390236707.png

The user is not deleted in Entra, but merely removed from the workspace. It can still be found in the account.

StefanKoch_2-1731390569544.png

 

 

Aaron_Wong
New Contributor II

Ah, thanks for the reply Stefan! I should have clarified that I'm using Databricks via the AWS Marketplace. 

The issue I'm encountering when I'm trying to remove someone, is that it will say "User assigned through a group cannot be deleted".  However, when I go and try to remove the person from the group, I encounter this error: 

PERMISSION_DENIED: Requesting user does not have permission to edit system groups. 

However, I'm an admin on both the account and workspace. 

Let me know! Thanks! 

Screenshot 2024-11-13 at 10.17.31โ€ฏAM.png

โ€ƒโ€ƒScreenshot 2024-11-13 at 10.21.52โ€ฏAM.png

 

Stefan-Koch
Contributor III

Aaron

Is the user in another group as well? You may first remove him from that group, if it is so?

arjun_kr
Databricks Employee
Databricks Employee

Looks like you have users added via the system group 'account users' to the workspace. This is a system group and cannot be edited. You may make the user inactive at the workspace level using `Users` Patch API as shown below. You may get the userId from the user details page URL  (for eg : 123 being the user Id from user details page :  https://abc.cloud.databricks.com/settings/workspace/identity-and-access/users/123?o=456)
```

 

curl  --request PATCH '{{workspaceUrl}}/api/2.0/preview/scim/v2/Users/<UserId>' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: <Token>' \
--data '{
  "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], 
  "Operations": [ { 
    "op": "replace", 
    "path": "active", 
    "value": [ { "value": "false" } ] 
  } ] 
}'

 



Aaron_Wong
New Contributor II

Thanks! I'll try this out and report back! 

Aaron_Wong
New Contributor II

Hello! I tried this call. I hid the sensitive information with "HIDDEN" in the example: 

 

curl --request PATCH 'https://HIDDEN.cloud.databricks.com/api/2.0/preview/scim/v2/Users/HIDDEN' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: HIDDEN' \
--data '{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], 
  "Operations": [{
    "op": "replace", 
    "path": "active", 
    "value": false 
  }] 
}'

 

But I'm getting this error for some reason: 

SyntaxError: unterminated string literal (detected at line 5) (command-194238644311154-3846552969, line 5)

Any help is much appreciated! 

arjun_kr
Databricks Employee
Databricks Employee

It looks like you might have run it as non-shell command. I can see the same error with the curl command being executed as a python command. Can you try executing it as a shell command by using %sh magic command   

%sh 
curl --request PATCH 'https://HIDDEN.cloud.databricks.com/api/2.0/preview/scim/v2/Users/HIDDEN' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: HIDDEN' \
--data '{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], 
  "Operations": [{
    "op": "replace", 
    "path": "active", 
    "value": false 
  }] 
}'

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group