cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

list users having access to scope credentials

Braxx
Contributor II

Hello!

How do I list all the users or groups having access to the key-vault backed scope credentials?

Let's say, I have a scope called MyScope for which all the secrets are stored in MyKeyVault.

I would like to see what users have access there and ideally their permission level.

TIA

1 ACCEPTED SOLUTION

Accepted Solutions

Hubert-Dudek
Esteemed Contributor III

@Bartosz Wachockiโ€‹ , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

View solution in original post

2 REPLIES 2

Hubert-Dudek
Esteemed Contributor III

@Bartosz Wachockiโ€‹ , As secrets use ACL for the scope, you need to make an API call (can be via CLI also) to list ACL for the given scope >> 2.0/secrets/acls/list more info here https://docs.databricks.com/dev-tools/api/latest/secrets.html#list-secret-acls

curl --netrc --request GET \
'https://<databricks-instance>/api/2.0/secrets/acls/list?scope=<scope-name>' \
| jq .

Then it returns users or groups:

{
  "items": [
    {
      "principal": "admins",
      "permission": "MANAGE"
    },
    {
      "principal": "data-scientists",
      "permission": "READ"
    }
  ]
}

Then for groups you can use an API call to get users from group >> 2.0/groups/list-members more on https://docs.databricks.com/dev-tools/api/latest/groups.html#list-members

Kaniz_Fatma
Community Manager
Community Manager

Hi @Bartosz Wachockiโ€‹ , Just a friendly follow-up. Does @Hubert Dudekโ€‹ 's answer resolve your query?

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group