โ11-11-2024 06:00 AM - edited โ11-11-2024 06:05 AM
Is there an API that can be used to list groups in which a given user is a member? Specifically, Iโd be interested in account (not workspace) groups.
It seems there used to be a workspace-level list-parents API referred to in the answers to this question. The current documentation, however, does not seem to mention list-parents โ has it been deprecated?
I know I can get the required info by listing each group's users and parsing the response, but thatโs rather tedious. Is there an API for this I havenโt found?
โ11-14-2024 05:39 AM - edited โ11-14-2024 05:43 AM
Hi @rpl ,
Maybe you're looking for following endpoint. This endpoint will return in its payload all groups along with membership info. Then you can easily find where user you're interested in belongs to.
List group details | Account Groups API | REST API reference | Databricks on AWS
โ11-11-2024 09:12 AM
Hello @rpl,
You can explore this API: https://docs.databricks.com/api/workspace/users/get which would return an attribute (โgroupsโ) showing the groups a user belongs to at the account level
โ11-11-2024 10:55 PM
Thanks! But this doesnโt do what I need. It is a workspace-level API that AFAIU returns info on groups that grant the user privileges to the workspace itself, probably also workspace-specific objects like secret scopes, folders etc. If the (account-level) user does not have privileges to he workspace in question, the API returns 404.
What i'm looking for is listing all account-level groups the user is a member in, including groups used to grant privileges to Unity Catalog securable objects. I also donโt necessarily know what workspaces (if any) the user has privileges to when i'm making the query.
โ11-14-2024 04:28 AM
@Alberto_Umana, do i understand correctly that there isnโt currently an endpoint that returns the info I need? May I request this feature be added on the roadmap? ๐
A bit of context: we have tens of catalogs in Unity Catalog and several workspaces in our account. Iโd like a convenient way of querying what groups a user belongs to (our groups are named according to the objects they give privileges to). This would help a lot with troubleshooting when a user reports they don't have access to something they think they should.
I guess for the time being, I need to code a function that uses the python SDK and does some joining.
โ11-14-2024 05:39 AM - edited โ11-14-2024 05:43 AM
Hi @rpl ,
Maybe you're looking for following endpoint. This endpoint will return in its payload all groups along with membership info. Then you can easily find where user you're interested in belongs to.
List group details | Account Groups API | REST API reference | Databricks on AWS
โ11-14-2024 05:43 AM
That API returns the members of a group. I'm looking for the converse: i know the user and i'd like to know what groups they are a member of.
โ11-14-2024 05:50 AM - edited โ11-14-2024 05:51 AM
This API will return all groups that belong to your account. Also, in the json payload you have members attribute that you can leverge to filter out payload by a member to whom you want to find group names he belongs to.
If you perform that filtration, you'll end up with all the groups this user belongs to.
โ11-15-2024 12:29 AM
Brilliant, thank you! I tried out that one via databricks CLI, but the CLI doesnโt return members. Using the API directly fixed that.
โ11-15-2024 12:45 AM
Hi,
Cool, I'm happy that it worked for you ๐
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโt want to miss the chance to attend and share knowledge.
If there isnโt a group near you, start one and help create a community that brings people together.
Request a New Group