``w.token_management``: Token management ======================================== .. currentmodule:: databricks.sdk.service.settings .. py:class:: TokenManagementAPI Enables administrators to get all tokens and delete tokens for other users. Admins can either get every token, get a specific token by ID, or get all tokens for a particular user. .. py:method:: create_obo_token(application_id: str [, autoscope_enabled: Optional[bool], comment: Optional[str], lifetime_seconds: Optional[int], scopes: Optional[List[str]]]) -> CreateOboTokenResponse Usage: .. code-block:: import time from databricks.sdk import WorkspaceClient from databricks.sdk.service import iam w = WorkspaceClient() groups = w.groups.group_display_name_to_id_map(iam.ListGroupsRequest()) spn = w.service_principals.create( display_name=f"sdk-{time.time_ns()}", groups=[iam.ComplexValue(value=groups["admins"])], ) obo = w.token_management.create_obo_token(application_id=spn.application_id, lifetime_seconds=60) # cleanup w.service_principals.delete(id=spn.id) w.token_management.delete(token_id=obo.token_info.token_id) Creates a token on behalf of a service principal. :param application_id: str Application ID of the service principal. :param autoscope_enabled: bool (optional) Whether to enable autoscoping for this token. :param comment: str (optional) Comment that describes the purpose of the token. :param lifetime_seconds: int (optional) The number of seconds before the token expires. :param scopes: List[str] (optional) :returns: :class:`CreateOboTokenResponse` .. py:method:: delete(token_id: str) Deletes a token, specified by its ID. :param token_id: str The ID of the token to revoke. .. py:method:: get(token_id: str) -> GetTokenResponse Usage: .. code-block:: import time from databricks.sdk import WorkspaceClient from databricks.sdk.service import iam w = WorkspaceClient() groups = w.groups.group_display_name_to_id_map(iam.ListGroupsRequest()) spn = w.service_principals.create( display_name=f"sdk-{time.time_ns()}", groups=[iam.ComplexValue(value=groups["admins"])], ) obo = w.token_management.create_obo_token(application_id=spn.application_id, lifetime_seconds=60) by_id = w.token_management.get(token_id=obo.token_info.token_id) # cleanup w.service_principals.delete(id=spn.id) w.token_management.delete(token_id=obo.token_info.token_id) Gets information about a token, specified by its ID. :param token_id: str The ID of the token to get. :returns: :class:`GetTokenResponse` .. py:method:: get_permission_levels() -> GetTokenPermissionLevelsResponse Gets the permission levels that a user can have on an object. :returns: :class:`GetTokenPermissionLevelsResponse` .. py:method:: get_permissions() -> TokenPermissions Gets the permissions of all tokens. Tokens can inherit permissions from their root object. :returns: :class:`TokenPermissions` .. py:method:: list( [, created_by_id: Optional[int], created_by_username: Optional[str]]) -> Iterator[TokenInfo] Usage: .. code-block:: from databricks.sdk import WorkspaceClient from databricks.sdk.service import settings w = WorkspaceClient() all = w.token_management.list(settings.ListTokenManagementRequest()) Lists all tokens associated with the specified workspace or user. :param created_by_id: int (optional) User ID of the user that created the token. :param created_by_username: str (optional) Username of the user that created the token. :returns: Iterator over :class:`TokenInfo` .. py:method:: set_permissions( [, access_control_list: Optional[List[TokenAccessControlRequest]]]) -> TokenPermissions Sets permissions on an object, replacing existing permissions if they exist. Deletes all direct permissions if none are specified. Objects can inherit permissions from their root object. :param access_control_list: List[:class:`TokenAccessControlRequest`] (optional) :returns: :class:`TokenPermissions` .. py:method:: update_permissions( [, access_control_list: Optional[List[TokenAccessControlRequest]]]) -> TokenPermissions Updates the permissions on all tokens. Tokens can inherit permissions from their root object. :param access_control_list: List[:class:`TokenAccessControlRequest`] (optional) :returns: :class:`TokenPermissions` .. py:method:: update_token_management(token_id: str, token: TokenInfo, update_mask: FieldMask) -> TokenInfo Updates a token, specified by its ID. :param token_id: str ID of the token. :param token: :class:`TokenInfo` :param update_mask: FieldMask A list of field name under token, For example, {"update_mask": "comment,scopes"} The field mask must be a single string, with multiple fields separated by commas (no spaces). The field path is relative to the resource object, using a dot (`.`) to navigate sub-fields (e.g., `author.given_name`). Specification of elements in sequence or map fields is not allowed, as only the entire collection field can be specified. Field names must exactly match the resource field names. A field mask of `*` indicates full replacement. It’s recommended to always explicitly list the fields being updated and avoid using `*` wildcards, as it can lead to unintended results if the API changes in the future. :returns: :class:`TokenInfo`