w.permissions: Permissions¶
- class databricks.sdk.service.iam.PermissionsAPI¶
Permissions API are used to create read, write, edit, update and manage access for various users on different objects and endpoints. * [Apps permissions](:service:apps) — Manage which users can manage or use apps. * [Cluster permissions](:service:clusters) — Manage which users can manage, restart, or attach to clusters. * [Cluster policy permissions](:service:clusterpolicies) — Manage which users can use cluster policies. * [Spark Declarative Pipelines permissions](:service:pipelines) — Manage which users can view, manage, run, cancel, or own a Spark Declarative Pipeline. * [Job permissions](:service:jobs) — Manage which users can view, manage, trigger, cancel, or own a job. * [MLflow experiment permissions](:service:experiments) — Manage which users can read, edit, or manage MLflow experiments. * [MLflow registered model permissions](:service:modelregistry) — Manage which users can read, edit, or manage MLflow registered models. * [Instance Pool permissions](:service:instancepools) — Manage which users can manage or attach to pools. * [Repo permissions](repos) — Manage which users can read, run, edit, or manage a repo. * [Serving endpoint permissions](:service:servingendpoints) — Manage which users can view, query, or manage a serving endpoint. * [SQL warehouse permissions](:service:warehouses) — Manage which users can use or manage SQL warehouses. * [Token permissions](:service:tokenmanagement) — Manage which users can create or use tokens. * [Workspace object permissions](:service:workspace) — Manage which users can read, run, edit, or manage alerts, dbsql-dashboards, directories, files, notebooks and queries. For the mapping of the required permissions for specific actions or abilities and other important information, see [Access Control]. Note that to manage access control on service principals, use [Account Access Control Proxy](:service:accountaccesscontrolproxy).
[Access Control]: https://docs.databricks.com/security/auth-authz/access-control/index.html
- get(request_object_type: str, request_object_id: str) ObjectPermissions¶
Usage:
import time from databricks.sdk import WorkspaceClient w = WorkspaceClient() notebook_path = f"/Users/{w.current_user.me().user_name}/sdk-{time.time_ns()}" obj = w.workspace.get_status(path=notebook_path) levels = w.permissions.get_permission_levels(request_object_type="notebooks", request_object_id="%d" % (obj.object_id))
Gets the permissions of an object. Objects can inherit permissions from their parent objects or root object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str The id of the request object.
- Returns:
- get_permission_levels(request_object_type: str, request_object_id: str) GetPermissionLevelsResponse¶
Usage:
import time from databricks.sdk import WorkspaceClient w = WorkspaceClient() notebook_path = f"/Users/{w.current_user.me().user_name}/sdk-{time.time_ns()}" obj = w.workspace.get_status(path=notebook_path) levels = w.permissions.get_permission_levels(request_object_type="notebooks", request_object_id="%d" % (obj.object_id))
Gets the permission levels that a user can have on an object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str
- Returns:
- set(request_object_type: str, request_object_id: str [, access_control_list: Optional[List[AccessControlRequest]]]) ObjectPermissions¶
Usage:
import time from databricks.sdk import WorkspaceClient from databricks.sdk.service import iam w = WorkspaceClient() notebook_path = f"/Users/{w.current_user.me().user_name}/sdk-{time.time_ns()}" group = w.groups.create(display_name=f"sdk-{time.time_ns()}") obj = w.workspace.get_status(path=notebook_path) _ = w.permissions.set( request_object_type="notebooks", request_object_id="%d" % (obj.object_id), access_control_list=[ iam.AccessControlRequest( group_name=group.display_name, permission_level=iam.PermissionLevel.CAN_RUN, ) ], ) # cleanup w.groups.delete(id=group.id)
Sets permissions on an object, replacing existing permissions if they exist. Deletes all direct permissions if none are specified. Objects can inherit permissions from their parent objects or root object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str The id of the request object.
access_control_list – List[
AccessControlRequest] (optional)
- Returns:
- update(request_object_type: str, request_object_id: str [, access_control_list: Optional[List[AccessControlRequest]]]) ObjectPermissions¶
Updates the permissions on an object. Objects can inherit permissions from their parent objects or root object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str The id of the request object.
access_control_list – List[
AccessControlRequest] (optional)
- Returns: