11-11-2024 06:00 AM - edited 11-11-2024 06:05 AM
Is there an API that can be used to list groups in which a given user is a member? Specifically, I’d be interested in account (not workspace) groups.
It seems there used to be a workspace-level list-parents API referred to in the answers to this question. The current documentation, however, does not seem to mention list-parents – has it been deprecated?
I know I can get the required info by listing each group's users and parsing the response, but that’s rather tedious. Is there an API for this I haven’t found?
11-14-2024 05:39 AM - edited 11-14-2024 05:43 AM
Hi @rpl ,
Maybe you're looking for following endpoint. This endpoint will return in its payload all groups along with membership info. Then you can easily find where user you're interested in belongs to.
List group details | Account Groups API | REST API reference | Databricks on AWS
11-11-2024 09:12 AM
Hello @rpl,
You can explore this API: https://docs.databricks.com/api/workspace/users/get which would return an attribute (“groups”) showing the groups a user belongs to at the account level
11-11-2024 10:55 PM
Thanks! But this doesn’t do what I need. It is a workspace-level API that AFAIU returns info on groups that grant the user privileges to the workspace itself, probably also workspace-specific objects like secret scopes, folders etc. If the (account-level) user does not have privileges to he workspace in question, the API returns 404.
What i'm looking for is listing all account-level groups the user is a member in, including groups used to grant privileges to Unity Catalog securable objects. I also don’t necessarily know what workspaces (if any) the user has privileges to when i'm making the query.
11-14-2024 04:28 AM
@Alberto_Umana, do i understand correctly that there isn’t currently an endpoint that returns the info I need? May I request this feature be added on the roadmap? 🙂
A bit of context: we have tens of catalogs in Unity Catalog and several workspaces in our account. I’d like a convenient way of querying what groups a user belongs to (our groups are named according to the objects they give privileges to). This would help a lot with troubleshooting when a user reports they don't have access to something they think they should.
I guess for the time being, I need to code a function that uses the python SDK and does some joining.
11-14-2024 05:39 AM - edited 11-14-2024 05:43 AM
Hi @rpl ,
Maybe you're looking for following endpoint. This endpoint will return in its payload all groups along with membership info. Then you can easily find where user you're interested in belongs to.
List group details | Account Groups API | REST API reference | Databricks on AWS
11-14-2024 05:43 AM
That API returns the members of a group. I'm looking for the converse: i know the user and i'd like to know what groups they are a member of.
11-14-2024 05:50 AM - edited 11-14-2024 05:51 AM
This API will return all groups that belong to your account. Also, in the json payload you have members attribute that you can leverge to filter out payload by a member to whom you want to find group names he belongs to.
If you perform that filtration, you'll end up with all the groups this user belongs to.
11-15-2024 12:29 AM
Brilliant, thank you! I tried out that one via databricks CLI, but the CLI doesn’t return members. Using the API directly fixed that.
11-15-2024 12:45 AM
Hi,
Cool, I'm happy that it worked for you 🙂
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.
If there isn’t a group near you, start one and help create a community that brings people together.
Request a New Group