cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to get a list of workspace users who have the "unrestricted cluster create" entitlement ?

Go to solution
djburnham
New Contributor III

‎06-05-2024 03:57 AM

Hello - I'm hoping somebody can help me with this ... I have a lot of users configured with access to a workspace (100's) and I want to write a report to see if any of the users have  "unrestricted cluster create" entitlement in the workspace. This information used to be available in the UI but it looks like you have to go into each user and inspect individually - this will take me ages if I have to do this (and is bound to make me angry). What I want is a report to give me this information. I'm happy using the CLI or the API to achieve this - but I can't see it in the docs or the internal help in the CLI - has anyone done this already ? Many thanks for your help. 

Kind regards, David.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
djburnham
New Contributor III

‎06-06-2024 03:47 AM

Many thanks for you help @Yeshwanth  it put me on the right track. The API does have a filter option and that looks like it complies with rfc7644 but my attempts to use it were rather hit and miss - I suspect as the API is preview it is not fully implemented. Getting the info out of the API was enough to allow me to parse the json using jq to get the list of users with the "allow-cluster-create" privilege. Here is the code running in a linux bash prompt to get the list of users with the privilege. 

$ databricks api get /api/2.0/preview/scim/v2/Users| jq '.Resources | map(select(.entitlements != null and (.entitlements | any(.value == "allow-cluster-create")))) | map(.userName)'

 This was so much easier when there was a page in the GUI to show entitlements ... Is it hidden now of have I just lost it ?

Kind regards, David

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Yeshwanth
Databricks Employee
Databricks Employee

‎06-05-2024 10:27 PM

Hello @djburnham, good day!

Did you try using this API: https://docs.databricks.com/api/workspace/users/list

This API provides a list of all the users in the workspace and their entitlements. You can get the list of users, parse through each user's entitlements, find out who has unrestricted cluster creation permission, and then create a report on it. I believe this will help you. Please share your thoughts on this.

Best regards

Go to solution
djburnham
New Contributor III

‎06-06-2024 03:47 AM

Many thanks for you help @Yeshwanth  it put me on the right track. The API does have a filter option and that looks like it complies with rfc7644 but my attempts to use it were rather hit and miss - I suspect as the API is preview it is not fully implemented. Getting the info out of the API was enough to allow me to parse the json using jq to get the list of users with the "allow-cluster-create" privilege. Here is the code running in a linux bash prompt to get the list of users with the privilege. 

$ databricks api get /api/2.0/preview/scim/v2/Users| jq '.Resources | map(select(.entitlements != null and (.entitlements | any(.value == "allow-cluster-create")))) | map(.userName)'

 This was so much easier when there was a page in the GUI to show entitlements ... Is it hidden now of have I just lost it ?

Kind regards, David

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top