Databricks Community

Aaron_Wong · 2 weeks ago

I'm trying to do something seemingly very simple - disable someone's user account.

I don't even want to delete the user, just disable it for the time being.

How do I go about doing that?

Stefan-Koch · 2 weeks ago

Hello Aaron

You can disable the user account in the directory of your cloud provider. For example, if you are using Azure Databricks, then you will manage the users via Azure Entra. Then you can simply deactivate the user account in Entra, for example, by unchecking the “Account enabled” button.

If you want the user to remain active in the cloud after all and just not be allowed to access Databricks Workspace, you can remove them from the workspace.

The user is not deleted in Entra, but merely removed from the workspace. It can still be found in the account.

Aaron_Wong · a week ago

Ah, thanks for the reply Stefan! I should have clarified that I'm using Databricks via the AWS Marketplace.

The issue I'm encountering when I'm trying to remove someone, is that it will say "User assigned through a group cannot be deleted". However, when I go and try to remove the person from the group, I encounter this error:

PERMISSION_DENIED: Requesting user does not have permission to edit system groups.

However, I'm an admin on both the account and workspace.

Let me know! Thanks!

Stefan-Koch · a week ago

Aaron

Is the user in another group as well? You may first remove him from that group, if it is so?

arjun_kr · a week ago

Looks like you have users added via the system group 'account users' to the workspace. This is a system group and cannot be edited. You may make the user inactive at the workspace level using `Users` Patch API as shown below. You may get the userId from the user details page URL (for eg : 123 being the user Id from user details page : https://abc.cloud.databricks.com/settings/workspace/identity-and-access/users/123?o=456)
```

curl  --request PATCH '{{workspaceUrl}}/api/2.0/preview/scim/v2/Users/<UserId>' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: <Token>' \
--data '{
  "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], 
  "Operations": [ { 
    "op": "replace", 
    "path": "active", 
    "value": [ { "value": "false" } ] 
  } ] 
}'

Aaron_Wong · a week ago

Thanks! I'll try this out and report back!

Aaron_Wong · a week ago

Hello! I tried this call. I hid the sensitive information with "HIDDEN" in the example:

curl --request PATCH 'https://HIDDEN.cloud.databricks.com/api/2.0/preview/scim/v2/Users/HIDDEN' \
--header 'Accept: application/scim+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: HIDDEN' \
--data '{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], 
  "Operations": [{
    "op": "replace", 
    "path": "active", 
    "value": false 
  }] 
}'

But I'm getting this error for some reason:

SyntaxError: unterminated string literal (detected at line 5) (command-194238644311154-3846552969, line 5)

Any help is much appreciated!