List workspace permissions should return identity

GijsR
New Contributor

Hi there,

Looking through the documentation, I noticed the /api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments/permissions only returns the permissions but not the identity assigned the permission. This would be helpful for scenarios to capture what current permissions are assigned.

3 REPLIES

Advika
Databricks Employee

Hello @GijsR!

To view the identities assigned to permissions for that workspace, use:
/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments
This endpoint returns the actual users, groups, and service principals mapped to each permission.

https://docs.databricks.com/api/account/workspaceassignment/list
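
As an added example (not code from the thread or from Databricks), here is how the answer above can be turned into a "which identities hold which permission" report. It assumes the response shape documented for the listed endpoint: a `permission_assignments` array whose items carry a `principal` object (`user_name`, `group_name` or `service_principal_name`, plus `principal_id`) and a `permissions` array such as `["ADMIN"]` or `["USER"]`. The account console host, the sample ids and names are constructed; `fetch_assignments` performs the real network call and is not exercised offline.

```python
"""Invert the account-level workspace permission-assignment list into
{permission: [identity, ...]}.

Added example, not from the thread. Field names follow the documentation
for GET /api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments;
the sample payload is constructed.
"""
from __future__ import annotations

import json
import urllib.request
from collections import defaultdict

# Account console host for AWS; an assumption, adjust for Azure/GCP.
ACCOUNTS_HOST = "https://accounts.cloud.databricks.com"


def principal_label(principal: dict) -> str:
    """Return a stable 'kind:name' label for one principal object."""
    for kind, key in (("user", "user_name"), ("group", "group_name"),
                      ("service_principal", "service_principal_name")):
        if principal.get(key):
            return f"{kind}:{principal[key]}"
    # Fall back to the numeric id so a principal without a name is not silently dropped
    return f"principal_id:{principal.get('principal_id')}"


def identities_by_permission(payload: dict) -> dict[str, list[str]]:
    """Pivot assignments into {permission: sorted, de-duplicated identity labels}."""
    by_perm: dict[str, set[str]] = defaultdict(set)
    for item in payload.get("permission_assignments", []):
        label = principal_label(item.get("principal", {}))
        for perm in item.get("permissions", []):
            by_perm[perm].add(label)
    return {perm: sorted(ids) for perm, ids in sorted(by_perm.items())}


def fetch_assignments(account_id: str, workspace_id: str, token: str,
                      host: str = ACCOUNTS_HOST) -> dict:
    """GET the assignment list with an account-admin bearer token (network call, not run offline)."""
    url = f"{host}/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response: shape only, ids and names are made up.
SAMPLE_PAYLOAD = {
    "permission_assignments": [
        {"principal": {"principal_id": 1001, "user_name": "alice@example.com"}, "permissions": ["ADMIN"]},
        {"principal": {"principal_id": 2002, "group_name": "data-engineers"}, "permissions": ["USER"]},
        {"principal": {"principal_id": 3003, "service_principal_name": "etl-sp"}, "permissions": ["USER"]},
        {"principal": {"principal_id": 4004, "display_name": "orphaned"}, "permissions": ["USER"]},
    ]
}

if __name__ == "__main__":
    for perm, ids in identities_by_permission(SAMPLE_PAYLOAD).items():
        print(perm, ids)
```

Group assignments expand to whatever the group contains at that moment, so for a point-in-time access review you still need to resolve group membership separately; the pivot above only tells you which groups hold which workspace permission.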

GijsR
New Contributor

I'll give this one a try. Thanks, Advika, for the response!

iyashk-DB
Databricks Employee

Hello @GijsR ,

For “who has what” today, the most reliable alternatives are the system tables and Unity Catalog information schema views, which do include principals. You can use the information_schema to list the current grants and the principals (GRANTEE) for catalogs, schemas, tables, views, volumes, etc. These views return identities and privilege types, and the system-level information schema lets you query across the whole metastore.
Ref Doc - https://docs.databricks.com/aws/en/sql/language-manual/sql-ref-information-schema

You can also use the system.access.audit table to capture permission-update events and ACL changes (including user_name, group_name, and permission_level) for workspace apps and other securables; this is event-oriented but can be used to reconstruct or monitor permission assignments over time.
Ref Doc - https://docs.databricks.com/aws/en/admin/system-tables/audit-logs
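
The two sources in the answer above behave differently: the information schema is a current-state view, while the audit table is an event stream that has to be folded in time order to recover current state. The following is an added example (not from the thread or from Databricks) showing both. The SQL constant targets the documented `system.information_schema.table_privileges` view and is meant to be run in a SQL warehouse, not here. The audit events are constructed rows shaped like `system.access.audit` (`event_time`, `action_name`, `user_identity.email`, a `request_params` map carrying `user_name`/`group_name`/`permission_level`); the `securable` key and the action names are placeholders, not a claim about the real set of `action_name` values.

```python
"""Current-state query for "who has what", plus a fold that reconstructs
assignments from permission-change audit events.

Added example, not from the thread. SQL column names follow the documented
table_privileges view; the audit rows below are CONSTRUCTED and the
'securable' request parameter and action names are placeholders.
"""
from __future__ import annotations

from datetime import datetime

# Point-in-time view: one row per (securable, grantee, privilege). Run in a
# Databricks SQL warehouse with a :catalog parameter; not executed in this script.
WHO_HAS_WHAT_SQL = """
SELECT table_catalog, table_schema, table_name, grantee, privilege_type, inherited_from
FROM system.information_schema.table_privileges
WHERE table_catalog = :catalog
ORDER BY table_catalog, table_schema, table_name, grantee, privilege_type
"""


def target_principal(params: dict) -> str | None:
    """The principal whose permission changed; the map carries one of these keys."""
    for key in ("user_name", "group_name", "service_principal_name"):
        if params.get(key):
            return f"{key}={params[key]}"
    return None


def reconstruct_assignments(events: list[dict]) -> dict[tuple[str, str], dict]:
    """Fold events in event_time order into {(securable, principal): {level, granted_at, by}}.

    A row with a permission_level sets or overwrites the level; a row without
    one, or whose action name contains 'remove', drops the assignment.
    Rows are sorted first so out-of-order delivery does not corrupt the result.
    """
    state: dict[tuple[str, str], dict] = {}
    for ev in sorted(events, key=lambda e: e["event_time"]):
        params = ev.get("request_params", {})
        principal = target_principal(params)
        securable = params.get("securable")  # placeholder key, see lead-in
        if principal is None or securable is None:
            continue  # not an attributable permission-assignment event
        key = (securable, principal)
        level = params.get("permission_level")
        if not level or "remove" in ev["action_name"].lower():
            state.pop(key, None)
        else:
            state[key] = {"level": level, "granted_at": ev["event_time"],
                          "by": ev["user_identity"]["email"]}
    return state


# Constructed events (values invented, deliberately out of time order).
SAMPLE_EVENTS = [
    {"event_time": datetime(2025, 1, 12, 14, 30), "action_name": "changePermissions",
     "user_identity": {"email": "admin@example.com"},
     "request_params": {"securable": "apps/report-app", "user_name": "bob@example.com",
                        "permission_level": "CAN_MANAGE"}},
    {"event_time": datetime(2025, 1, 10, 9, 0), "action_name": "changePermissions",
     "user_identity": {"email": "admin@example.com"},
     "request_params": {"securable": "apps/report-app", "user_name": "bob@example.com",
                        "permission_level": "CAN_USE"}},
    {"event_time": datetime(2025, 1, 11, 8, 0), "action_name": "changePermissions",
     "user_identity": {"email": "admin@example.com"},
     "request_params": {"securable": "apps/report-app", "group_name": "analysts",
                        "permission_level": "CAN_USE"}},
    {"event_time": datetime(2025, 1, 15, 16, 0), "action_name": "removePermissions",
     "user_identity": {"email": "admin@example.com"},
     "request_params": {"securable": "apps/report-app", "group_name": "analysts"}},
]

if __name__ == "__main__":
    for (securable, principal), info in reconstruct_assignments(SAMPLE_EVENTS).items():
        print(securable, principal, info["level"], "by", info["by"], "at", info["granted_at"])
```

The fold only sees changes that were logged, so seed it from a current-state snapshot (the information schema for Unity Catalog objects, the permission-assignment API for workspace roles) and use the audit events to track drift from that baseline rather than as the sole source of truth.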