3 weeks ago
I'm trying to do something seemingly very simple - disable someone's user account.
I don't even want to delete the user, just disable it for the time being.
How do I go about doing that?
3 weeks ago
Hello Aaron
You can disable the user account in the directory of your cloud provider. For example, if you are using Azure Databricks, then you will manage the users via Azure Entra. Then you can simply deactivate the user account in Entra, for example, by unchecking the โAccount enabledโ button.
If you want the user to remain active in the cloud after all and just not be allowed to access Databricks Workspace, you can remove them from the workspace.
The user is not deleted in Entra, but merely removed from the workspace. It can still be found in the account.
3 weeks ago
Ah, thanks for the reply Stefan! I should have clarified that I'm using Databricks via the AWS Marketplace.
The issue I'm encountering when I'm trying to remove someone, is that it will say "User assigned through a group cannot be deleted". However, when I go and try to remove the person from the group, I encounter this error:
PERMISSION_DENIED: Requesting user does not have permission to edit system groups.
However, I'm an admin on both the account and workspace.
Let me know! Thanks!
โโ
3 weeks ago
Aaron
Is the user in another group as well? You may first remove him from that group, if it is so?
3 weeks ago - last edited 3 weeks ago
Looks like you have users added via the system group 'account users' to the workspace. This is a system group and cannot be edited. You may make the user inactive at the workspace level using `Users` Patch API as shown below. You may get the userId from the user details page URL (for eg : 123 being the user Id from user details page : https://abc.cloud.databricks.com/settings/workspace/identity-and-access/users/123?o=456)
```
curl --request PATCH '{{workspaceUrl}}/api/2.0/preview/scim/v2/Users/<UserId>' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: <Token>' \
--data '{
"schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
"Operations": [ {
"op": "replace",
"path": "active",
"value": [ { "value": "false" } ]
} ]
}'
3 weeks ago
Thanks! I'll try this out and report back!
3 weeks ago
Hello! I tried this call. I hid the sensitive information with "HIDDEN" in the example:
curl --request PATCH 'https://HIDDEN.cloud.databricks.com/api/2.0/preview/scim/v2/Users/HIDDEN' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: HIDDEN' \
--data '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [{
"op": "replace",
"path": "active",
"value": false
}]
}'
But I'm getting this error for some reason:
SyntaxError: unterminated string literal (detected at line 5) (command-194238644311154-3846552969, line 5)
Any help is much appreciated!
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโt want to miss the chance to attend and share knowledge.
If there isnโt a group near you, start one and help create a community that brings people together.
Request a New Group