Databricks Community

reddybhargava · ‎10-08-2024

We have REST API methods to set,update,Get object permissions documented here https://docs.databricks.com/api/workspace/permissions

Is there a way to revoke the permissions which are granted through REST API

szymon_dybczak · ‎10-08-2024

Hi @reddybhargava ,

You're correct, there is no direct delete method in REST API. To delete/revoke permission you need to use set method.

Any previous permissions are overwritten by the new values, and any permissions omitted are removed. It's little inconvenient, but it works 😉

reddybhargava · ‎10-09-2024

Thank you for your response!

We have a situation where we assigned CAN_BIND permissions to a group for a service principal using the following:

$ vim grant-service-principal.json
{
"access_control_list": [
{
"user_name": "{username}",
"permission_level": "CAN_BIND"
}
]
}
$ curl -X PATCH {DATABRICKS_HOST}/api/2.0/permissions/service-principals/{SP_ID}
header "Content-type: application/json" header "Authorization: Bearer
${DATABRICKS_TOKEN}" data @Grant-service-principal.json

However, the issue with using the SET method to overwrite these permissions is that, as far as we have tried, we can only assign CAN_BIND to a service principal and cannot assign other permissions like CAN_VIEW, etc.

Do you have any suggestions on how we might address this?