cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extract all users from Databricks Groups

steveKris
New Contributor

yesterday

Hey everyone,

we are trying to get an overview of all users that we have in our databricks groups. We have tried to do so with the REST API as well as the SQL-queries (with normal developer accounts as well as workspace administrator accounts). The problem was, that we had some users that were visible in the Databricks UI but not when using the above methods. Has anyone any experience on this subject and could help us?

 

Thanks a lot and greetings from Bolzano

Moritz & Stefan

 

0 Kudos
6 REPLIES 6

szymon_dybczak
Esteemed Contributor III

yesterday

Hi @steveKris ,

Maybe some of your groups are in account level? So for example for groups defined at workspace level you need to use following rest api call (workspace level):

szymon_dybczak_0-1764927905397.png

But you have also api endpoint that will give you details of a group at account level:

szymon_dybczak_1-1764927973784.png

 

Raman_Unifeye
Contributor III

yesterday

UI shows all provisioned users, but REST/SQL only expose subsets depending on whether you query account vs workspace vs UC. To get a true overview, you need to combine account SCIM API + workspace SCIM API + UC system tables.


RG #Driving Business Outcomes with Data Intelligence

Hubert-Dudek
Esteemed Contributor III

yesterday

Sometimes I just loop the workspace folder to get all users:

students = [d for d in WORKSPACE_ROOT.iterdir()
            if d.is_dir()
            and "@" in d.name.lower()]
print(students)

 

 

Hubert-Dudek
Esteemed Contributor III

yesterday

All just get group from Azure API when I am using Azure groups which is now popular with just in time provisioning.

authority_url = f"https://login.microsoftonline.com/{TENANT_ID}"
app = msal.ConfidentialClientApplication(CLIENT_ID, authority=authority_url, client_credential=CLIENT_SECRET)
token_result = app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
if not token_result.get("access_token"):
    raise Exception("Failed to obtain Graph API token")
access_token = token_result["access_token"]
headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}

group_url = f"https://graph.microsoft.com/v1.0/groups/{GROUP_ID}/members/$ref"
resp_add = requests.get(group_url, headers=headers)

szymon_dybczak
Esteemed Contributor III
In response to Hubert-Dudek

yesterday - last edited yesterday

i

0 Kudos

Poorva21
New Contributor

yesterday

Use the Databricks SQL system users table

SELECT * FROM system.users

Only shows fully provisioned users

 

Users pending invitation may not appear.

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements