w.users: Users

class databricks.sdk.service.iam.UsersAPI

User identities recognized by Databricks and represented by email addresses.

Databricks recommends using SCIM provisioning to sync users and groups automatically from your identity provider to your Databricks workspace. SCIM streamlines onboarding a new employee or team by using your identity provider to create users and groups in Databricks workspace and give them the proper level of access. When a user leaves your organization or no longer needs access to Databricks workspace, admins can terminate the user in your identity provider and that user’s account will also be removed from Databricks workspace. This ensures a consistent offboarding process and prevents unauthorized users from accessing sensitive data.

create([, active: Optional[bool], display_name: Optional[str], emails: Optional[List[ComplexValue]], entitlements: Optional[List[ComplexValue]], external_id: Optional[str], groups: Optional[List[ComplexValue]], id: Optional[str], name: Optional[Name], roles: Optional[List[ComplexValue]], schemas: Optional[List[UserSchema]], user_name: Optional[str]]) → User

Usage:

import time

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()

user = w.users.create(
    display_name=f"sdk-{time.time_ns()}",
    user_name=f"sdk-{time.time_ns()}@example.com",
)

Creates a new user in the Databricks workspace. This new user will also be added to the Databricks account.

Parameters:

• active – bool (optional) If this user is active

• display_name –

  str (optional) String that represents a concatenation of given and family names. For example John Smith. This field cannot be updated through the Workspace SCIM APIs when [identity federation is enabled]. Use Account SCIM APIs to update displayName.

  [identity federation is enabled]: https://docs.databricks.com/administration-guide/users-groups/best-practices.html#enable-identity-federation

• emails – List[ComplexValue] (optional) All the emails associated with the Databricks user.

• entitlements –

  List[ComplexValue] (optional) Entitlements assigned to the user. See [assigning entitlements] for a full list of supported values.

  [assigning entitlements]: https://docs.databricks.com/administration-guide/users-groups/index.html#assigning-entitlements

• external_id – str (optional) External ID is not currently supported. It is reserved for future use.

• groups – List[ComplexValue] (optional)

• id – str (optional) Databricks user ID.

• name – Name (optional)

• roles – List[ComplexValue] (optional) Corresponds to AWS instance profile/arn role.

• schemas – List[UserSchema] (optional) The schema of the user.

• user_name – str (optional) Email address of the Databricks user.

Returns:

User

delete(id: str)

Usage:

import time

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()

other_owner = w.users.create(user_name=f"sdk-{time.time_ns()}@example.com")

w.users.delete(id=other_owner.id)

Deletes a user. Deleting a user from a Databricks workspace also removes objects associated with the user.

Parameters:

id – str Unique ID for a user in the Databricks workspace.

get(id: str [, attributes: Optional[str], count: Optional[int], excluded_attributes: Optional[str], filter: Optional[str], sort_by: Optional[str], sort_order: Optional[GetSortOrder], start_index: Optional[int]]) → User

Usage:

import time

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()

user = w.users.create(
    display_name=f"sdk-{time.time_ns()}",
    user_name=f"sdk-{time.time_ns()}@example.com",
)

fetch = w.users.get(id=user.id)

Gets information for a specific user in Databricks workspace.

Parameters:

• id – str Unique ID for a user in the Databricks workspace.

• attributes – str (optional) Comma-separated list of attributes to return in response.

• count – int (optional) Desired number of results per page.

• excluded_attributes – str (optional) Comma-separated list of attributes to exclude in response.

• filter –

  str (optional) Query by which the results have to be filtered. Supported operators are equals(eq), contains(co), starts with(sw) and not equals(ne). Additionally, simple expressions can be formed using logical operators - and and or. The [SCIM RFC] has more details but we currently only support simple expressions.

  [SCIM RFC]: https://tools.ietf.org/html/rfc7644#section-3.4.2.2

• sort_by – str (optional) Attribute to sort the results. Multi-part paths are supported. For example, userName, name.givenName, and emails.

• sort_order – GetSortOrder (optional) The order to sort the results.

• start_index – int (optional) Specifies the index of the first result. First item is number 1.

Returns:

User

get_permission_levels() → GetPasswordPermissionLevelsResponse

Gets the permission levels that a user can have on an object.

Returns:

GetPasswordPermissionLevelsResponse

get_permissions() → PasswordPermissions

Gets the permissions of all passwords. Passwords can inherit permissions from their root object.

Returns:

PasswordPermissions

list([, attributes: Optional[str], count: Optional[int], excluded_attributes: Optional[str], filter: Optional[str], sort_by: Optional[str], sort_order: Optional[ListSortOrder], start_index: Optional[int]]) → Iterator[User]

Usage:

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

all_users = w.users.list(
    attributes="id,userName",
    sort_by="userName",
    sort_order=iam.ListSortOrder.DESCENDING,
)

Gets details for all the users associated with a Databricks workspace.

Parameters:

• attributes – str (optional) Comma-separated list of attributes to return in response.

• count – int (optional) Desired number of results per page.

• excluded_attributes – str (optional) Comma-separated list of attributes to exclude in response.

• filter –

  str (optional) Query by which the results have to be filtered. Supported operators are equals(eq), contains(co), starts with(sw) and not equals(ne). Additionally, simple expressions can be formed using logical operators - and and or. The [SCIM RFC] has more details but we currently only support simple expressions.

  [SCIM RFC]: https://tools.ietf.org/html/rfc7644#section-3.4.2.2

• sort_by – str (optional) Attribute to sort the results. Multi-part paths are supported. For example, userName, name.givenName, and emails.

• sort_order – ListSortOrder (optional) The order to sort the results.

• start_index – int (optional) Specifies the index of the first result. First item is number 1.

Returns:

Iterator over User

patch(id: str [, operations: Optional[List[Patch]], schemas: Optional[List[PatchSchema]]])

Usage:

import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

user = w.users.create(
    display_name=f"sdk-{time.time_ns()}",
    user_name=f"sdk-{time.time_ns()}@example.com",
)

w.users.patch(
    id=user.id,
    operations=[iam.Patch(op=iam.PatchOp.REPLACE, path="active", value="false")],
    schemas=[iam.PatchSchema.URN_IETF_PARAMS_SCIM_API_MESSAGES_2_0_PATCH_OP],
)

Partially updates a user resource by applying the supplied operations on specific user attributes.

Parameters:

• id – str Unique ID in the Databricks workspace.

• operations – List[Patch] (optional)

• schemas – List[PatchSchema] (optional) The schema of the patch request. Must be [”urn:ietf:params:scim:api:messages:2.0:PatchOp”].

set_permissions([, access_control_list: Optional[List[PasswordAccessControlRequest]]]) → PasswordPermissions

Sets permissions on an object, replacing existing permissions if they exist. Deletes all direct permissions if none are specified. Objects can inherit permissions from their root object.

Parameters:

access_control_list – List[PasswordAccessControlRequest] (optional)

Returns:

PasswordPermissions

update(id: str [, active: Optional[bool], display_name: Optional[str], emails: Optional[List[ComplexValue]], entitlements: Optional[List[ComplexValue]], external_id: Optional[str], groups: Optional[List[ComplexValue]], name: Optional[Name], roles: Optional[List[ComplexValue]], schemas: Optional[List[UserSchema]], user_name: Optional[str]])

Usage:

import time

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()

user = w.users.create(
    display_name=f"sdk-{time.time_ns()}",
    user_name=f"sdk-{time.time_ns()}@example.com",
)

w.users.update(id=user.id, user_name=user.user_name, active=True)

Replaces a user’s information with the data supplied in request.

Parameters:

• id – str Databricks user ID.

• active – bool (optional) If this user is active

• display_name –

  str (optional) String that represents a concatenation of given and family names. For example John Smith. This field cannot be updated through the Workspace SCIM APIs when [identity federation is enabled]. Use Account SCIM APIs to update displayName.

  [identity federation is enabled]: https://docs.databricks.com/administration-guide/users-groups/best-practices.html#enable-identity-federation

• emails – List[ComplexValue] (optional) All the emails associated with the Databricks user.

• entitlements –

  List[ComplexValue] (optional) Entitlements assigned to the user. See [assigning entitlements] for a full list of supported values.

  [assigning entitlements]: https://docs.databricks.com/administration-guide/users-groups/index.html#assigning-entitlements

• external_id – str (optional) External ID is not currently supported. It is reserved for future use.

• groups – List[ComplexValue] (optional)

• name – Name (optional)

• roles – List[ComplexValue] (optional) Corresponds to AWS instance profile/arn role.

• schemas – List[UserSchema] (optional) The schema of the user.

• user_name – str (optional) Email address of the Databricks user.

update_permissions([, access_control_list: Optional[List[PasswordAccessControlRequest]]]) → PasswordPermissions

Updates the permissions on all passwords. Passwords can inherit permissions from their root object.

Parameters:

access_control_list – List[PasswordAccessControlRequest] (optional)

Returns:

PasswordPermissions