
list users having access to scope credentials

Braxx
Contributor II

Hello!

How do I list all the users or groups having access to the key-vault backed scope credentials?

Let's say, I have a scope called MyScope for which all the secrets are stored in MyKeyVault.

I would like to see what users have access there and ideally their permission level.

TIA

1 ACCEPTED SOLUTION


Hubert-Dudek
Esteemed Contributor III

@Bartosz Wachocki, as secrets use ACLs for the scope, you need to make an API call (it can also be done via the CLI) to list the ACLs for the given scope: 2.0/secrets/acls/list. More info here: https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then, for groups, you can use an API call to get the users from a group: 2.0/groups/list-members. More on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members
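The two calls from the answer above can be combined into a per-user view of scope access. This is an added example, not part of the original post: `effective_access`, the `list_members` helper contract and the sample data are assumptions made for illustration, and the member objects are assumed to carry `user_name` or `group_name` as in the Groups API response.

```python
# Secret ACL permission levels, weakest to strongest.
RANK = {"READ": 1, "WRITE": 2, "MANAGE": 3}

def effective_access(acl_response, list_members):
    """Return {user: (strongest permission, [ACL principals granting it])}.
    acl_response: parsed JSON body of 2.0/secrets/acls/list.
    list_members(name): parsed JSON body of 2.0/groups/list-members for a
    group, or None if `name` is not a group (assumed helper contract)."""
    result = {}

    def grant(user, permission, via):
        held = result.get(user)
        if held is None or RANK[permission] > RANK[held[0]]:
            result[user] = (permission, [via])
        elif permission == held[0] and via not in held[1]:
            held[1].append(via)

    def expand(group, members, permission, via, seen):
        seen.add(group)  # guards against nested groups that reference each other
        for m in members.get("members", []):
            nested = m.get("group_name")
            if "user_name" in m:
                grant(m["user_name"], permission, via)
            elif nested and nested not in seen:
                body = list_members(nested)
                if body is not None:
                    expand(nested, body, permission, via, seen)

    for item in acl_response.get("items", []):
        principal, permission = item["principal"], item["permission"]
        members = list_members(principal)
        if members is None:  # a user named directly in the ACL
            grant(principal, permission, principal)
        else:
            expand(principal, members, permission, principal, set())
    return result

# Constructed sample data: the ACL from the answer plus one direct user grant.
SAMPLE_ACLS = {"items": [
    {"principal": "admins", "permission": "MANAGE"},
    {"principal": "data-scientists", "permission": "READ"},
    {"principal": "alice@example.com", "permission": "WRITE"}]}
SAMPLE_GROUPS = {  # constructed memberships, including a nesting cycle
    "admins": {"members": [{"user_name": "bob@example.com"}]},
    "data-scientists": {"members": [{"user_name": "alice@example.com"},
                                    {"group_name": "interns"}]},
    "interns": {"members": [{"user_name": "dave@example.com"},
                            {"group_name": "data-scientists"}]}}

if __name__ == "__main__":
    for user, (perm, via) in sorted(effective_access(SAMPLE_ACLS, SAMPLE_GROUPS.get).items()):
        print(f"{user:20} {perm:7} via {', '.join(via)}")
```

In real use, `list_members` would wrap the 2.0/groups/list-members call and return None for principals that are not groups.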

Kaniz_Fatma
Community Manager

Hi @Bartosz Wachocki, just a friendly follow-up. Does @Hubert Dudek's answer resolve your query?
