cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

How to get a list of workspace users who have the "unrestricted cluster create" entitlement ?

Go to solution
djburnham
New Contributor III

3 weeks ago

Hello - I'm hoping somebody can help me with this ... I have a lot of users configured with access to a workspace (100's) and I want to write a report to see if any of the users have  "unrestricted cluster create" entitlement in the workspace. This information used to be available in the UI but it looks like you have to go into each user and inspect individually - this will take me ages if I have to do this (and is bound to make me angry). What I want is a report to give me this information. I'm happy using the CLI or the API to achieve this - but I can't see it in the docs or the internal help in the CLI - has anyone done this already ? Many thanks for your help. 

Kind regards, David.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
djburnham
New Contributor III

3 weeks ago

Many thanks for you help @Yeshwanth  it put me on the right track. The API does have a filter option and that looks like it complies with rfc7644 but my attempts to use it were rather hit and miss - I suspect as the API is preview it is not fully implemented. Getting the info out of the API was enough to allow me to parse the json using jq to get the list of users with the "allow-cluster-create" privilege. Here is the code running in a linux bash prompt to get the list of users with the privilege. 

$ databricks api get /api/2.0/preview/scim/v2/Users| jq '.Resources | map(select(.entitlements != null and (.entitlements | any(.value == "allow-cluster-create")))) | map(.userName)'

 This was so much easier when there was a page in the GUI to show entitlements ... Is it hidden now of have I just lost it ?

Kind regards, David

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Yeshwanth
Honored Contributor
Honored Contributor

3 weeks ago

Hello @djburnham, good day!

Did you try using this API: https://docs.databricks.com/api/workspace/users/list

This API provides a list of all the users in the workspace and their entitlements. You can get the list of users, parse through each user's entitlements, find out who has unrestricted cluster creation permission, and then create a report on it. I believe this will help you. Please share your thoughts on this.

Best regards

Go to solution
djburnham
New Contributor III

3 weeks ago

Many thanks for you help @Yeshwanth  it put me on the right track. The API does have a filter option and that looks like it complies with rfc7644 but my attempts to use it were rather hit and miss - I suspect as the API is preview it is not fully implemented. Getting the info out of the API was enough to allow me to parse the json using jq to get the list of users with the "allow-cluster-create" privilege. Here is the code running in a linux bash prompt to get the list of users with the privilege. 

$ databricks api get /api/2.0/preview/scim/v2/Users| jq '.Resources | map(select(.entitlements != null and (.entitlements | any(.value == "allow-cluster-create")))) | map(.userName)'

 This was so much easier when there was a page in the GUI to show entitlements ... Is it hidden now of have I just lost it ?

Kind regards, David

0 Kudos
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!

Announcements