cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

Unity Group management, Group: Manager role

AndrewHess
Visitor

We would like to have the ability to assign an individual and/or group to the "Group: Manager" role, providing them with the ability to add/remove users without the need to be an account or workspace administrator.  Ideally this would be an option for the group manager within the user interface, but we'd also be OK with an API solution.

It does look like Databricks is working towards this, as Account & Workspace managers are able to assign a principal to a "Group: Manager" role (screenshot), but we have not been able to figure out a way yet to take advantage of that.  

We've tried following the API documentation listed here, but have not been able to get anything to work that doesn't require the user to also be a workspace manager.

Curious if anyone has been successful in implementing this concept?  Or if there's a roadmap from Databricks on this functionality?

AndrewHess_0-1730378933657.png

 

2 REPLIES 2

NandiniN
Databricks Employee
Databricks Employee

Using the API

You can also use the Account Groups API to assign the "Group: Manager" role. Here is an example of how to do this:

curl --netrc -X PATCH \
  https://${DATABRICKS_HOST}/api/2.1/accounts/{account_id}/scim/v2/Groups/{id} \
  --header 'Content-type: application/scim+json' \
  --data @update-group.json \
  | jq .
Bash
 

update-group.json:

{
  "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
  "Operations": [
    {
      "op": "add",
      "path": "roles",
      "value": [
        {
          "value": "group_manager"
        }
      ]
    }
  ]
}
JSON

Using the Account Console

  1. Log in to the Account Console:

    • As an account admin, log in to the account console.
    • Navigate to the "Groups" tab.
  2. Select the Group:

    • Find and click the group name you want to manage.
    • Go to the "Permissions" tab.
  3. Grant Access:

    • Click "Grant access".
    • Search for and select the user, service principal, or group.
    • Choose the "Group: Manager" role.
    • Click "Save".

Screenshot 2024-10-31 at 7.38.02 PM.pngScreenshot 2024-10-31 at 7.38.13 PM.png

AndrewHess
Visitor

Thanks @NandiniN, good to know about using the API to assign group managers.

What we've been unable to figure out is how a group manager can actually add or remove members from the group they are a manager of?  We haven't been able to get anything to work without the manager also being a Workspace admin, which is not what we want.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group