Reputation: 21
How to Retrieve Admin and Non-Admin Permissions at Workspace Level in Azure Databricks
I am working on a project to document permissions for both admins and non-admin users across all relevant objects at the workspace level in Azure Databricks (e.g., tables, jobs, clusters, etc.).
I understand that admin-level permissions might be partially available through information schema, but detailed permissions for non-admin users likely require the Databricks REST API.
Could you guide me on:
- The most efficient way to retrieve and document these permissions?
- Whether there are built-in tools or queries for this purpose?
- Any recommended practices for structuring this data in a report?
Thank you!
Upvotes: 0
Views: 119
Answers (1)
Reputation: 3250
For both admins and non-admin users across all relevant objects at the workspace level in Azure Databricks, you can follow these steps:
you can use Databricks INFORMATION_SCHEMA queries to retrieve information about tables and database-level permissions.
The INFORMATION_SCHEMA is a SQL standard-based schema provided in every catalog created on Unity Catalog.
Query to Retrieve Table Permissions:
SELECT
table_catalog,
table_schema,
table_name,
grantee,
privilege_type- [ ]
FROM
information_schema.table_privileges
WHERE
table_schema = 'your_schema_name'
The above query will return the catalog, schema, table name, grantee (user or group), and the type of privilege granted for each table in the specified schema.
Query to Retrieve Database-Level Permissions:
SELECT
catalog_name,
schema_name,
grantee,
privilege_type
FROM
information_schema.schema_privileges
WHERE
schema_name = 'your_schema_name'
Results:
**Table Privileges:**
+-------------+------------+------------+-----------------+--------------+
|table_catalog|table_schema| table_name| grantee|privilege_type|
+-------------+------------+------------+-----------------+--------------+
| catalog1| schema1| sales_table|[email protected]| SELECT|
| catalog1| schema1| sales_table|[email protected]| INSERT|
| catalog1| schema1|orders_table| team_sales| SELECT|
| catalog1| schema1|orders_table|[email protected]| DELETE|
+-------------+------------+------------+-----------------+--------------+
**Schema Privileges:**
+------------+-----------+-----------------+--------------+
|catalog_name|schema_name| grantee|privilege_type|
+------------+-----------+-----------------+--------------+
| catalog1| schema1|[email protected]| CREATE|
| catalog1| schema1|[email protected]| USAGE|
+------------+-----------+-----------------+--------------+
Regarding the Clusters Use the Clusters API to list clusters and their permissions. Use the Jobs API to list jobs and their permissions.
Upvotes: 0
Related Questions
- Azure Databricks job result permissions
- how to enable the PAT token in databricks for users under a azure group through terraform
- How to edit permissions of Databricks queries with REST API?
- Forcing Databricks SQL Style Permissions even For Data engineering and machine learning personas
- How to configure Terraform Databricks provider when deploying multiple databricks workspaces on Azure
- Azure Databricks SCIM provisioning
- Sync Azure AD users & groups to Azure Databricks workspace without using Azure Databricks SCIM Connector
- How to show column "Run as" user in Databricks workflows "Job runs" tab
- Restrict rights of Non Admin Users within Databricks Workspace