cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

list users having access to scope credentials

Go to solution
Braxx
Contributor II

โ€Ž04-06-2022 03:17 AM

Hello!

How do I list all the users or groups having access to the key-vault backed scope credentials?

Let's say, I have a scope called MyScope for which all the secrets are stored in MyKeyVault.

I would like to see what users have access there and ideally their permission level.

TIA

Labels:
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Hubert-Dudek
Esteemed Contributor III

โ€Ž04-06-2022 06:38 AM

@Bartosz Wachockiโ€‹ , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

View solution in original post

1 REPLY 1

Go to solution
Hubert-Dudek
Esteemed Contributor III

โ€Ž04-06-2022 06:38 AM

@Bartosz Wachockiโ€‹ , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements