cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Which API to use to list groups in which a given user is a member

rpl
New Contributor III

Is there an API that can be used to list groups in which a given user is a member? Specifically, Iโ€™d be interested in account (not workspace) groups.

It seems there used to be a workspace-level list-parents API referred to in the answers to this question. The current documentation, however, does not seem to mention list-parents โ€“ has it been deprecated?

I know I can get the required info by listing each group's users and parsing the response, but thatโ€™s rather tedious. Is there an API for this I havenโ€™t found?

6 REPLIES 6

Alberto_Umana
Databricks Employee
Databricks Employee

Hello @rpl,

You can explore this API: https://docs.databricks.com/api/workspace/users/get which would return an attribute (โ€œgroupsโ€) showing the groups a user belongs to at the account level

rpl
New Contributor III

Thanks! But this doesnโ€™t do what I need. It is a workspace-level API that AFAIU returns info on groups that grant the user privileges to the workspace itself, probably also workspace-specific objects like secret scopes, folders etc. If the (account-level) user does not have privileges to he workspace in question, the API returns 404.

What i'm looking for is listing all account-level groups the user is a member in, including groups used to grant privileges to Unity Catalog securable objects. I also donโ€™t necessarily know what workspaces (if any) the user has privileges to when i'm making the query.

rpl
New Contributor III

@Alberto_Umana, do i understand correctly that there isnโ€™t currently an endpoint that returns the info I need? May I request this feature be added on the roadmap? ๐Ÿ™‚

A bit of context: we have tens of catalogs in Unity Catalog and several workspaces in our account. Iโ€™d like a convenient way of querying what groups a user belongs to (our groups are named according to the objects they give privileges to). This would help a lot with troubleshooting when a user reports they don't have access to something they think they should.

I guess for the time being, I need to code a function that uses the python SDK and does some joining.

Hi @rpl ,

Maybe you're looking for following endpoint. This endpoint will return in its payload all groups along with membership info. Then you can easily find where user you're interested in belongs to.

List group details | Account Groups API | REST API reference | Databricks on AWS

rpl
New Contributor III

That API returns the members of a group. I'm looking for the converse: i know the user and i'd like to know what groups they are a member of.

This API will return all groups that belong to your account. Also, in the json payload you have members attribute that you can leverge to filter out payload by a member to whom you want to find group names he belongs to.
If you perform that filtration, you'll end up with all the groups this user belongs to.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group