w.permissions: Permissions¶
- class databricks.sdk.service.iam.PermissionsAPI¶
Permissions API are used to create read, write, edit, update and manage access for various users on different objects and endpoints.
[Apps permissions](:service:apps) — Manage which users can manage or use apps.
[Cluster permissions](:service:clusters) — Manage which users can manage, restart, or attach to clusters.
[Cluster policy permissions](:service:clusterpolicies) — Manage which users can use cluster policies.
[Spark Declarative Pipelines permissions](:service:pipelines) — Manage which users can view, manage, run, cancel, or own a Spark Declarative Pipeline.
[Job permissions](:service:jobs) — Manage which users can view, manage, trigger, cancel, or own a job.
[MLflow experiment permissions](:service:experiments) — Manage which users can read, edit, or manage MLflow experiments.
[MLflow registered model permissions](:service:modelregistry) — Manage which users can read, edit, or manage MLflow registered models.
[Instance Pool permissions](:service:instancepools) — Manage which users can manage or attach to pools.
[Repo permissions](repos) — Manage which users can read, run, edit, or manage a repo.
[Serving endpoint permissions](:service:servingendpoints) — Manage which users can view, query, or manage a serving endpoint.
[SQL warehouse permissions](:service:warehouses) — Manage which users can use or manage SQL warehouses.
[Token permissions](:service:tokenmanagement) — Manage which users can create or use tokens.
[Workspace object permissions](:service:workspace) — Manage which users can read, run, edit, or manage alerts, dbsql-dashboards, directories, files, notebooks and queries. For the mapping of the required permissions for specific actions or abilities and other important information, see Access Control. Note that to manage access control on service principals, use [Account Access Control Proxy](:service:accountaccesscontrolproxy).
- get(request_object_type: str, request_object_id: str) ObjectPermissions¶
Usage:
import time from databricks.sdk import WorkspaceClient w = WorkspaceClient() notebook_path = f"/Users/{w.current_user.me().user_name}/sdk-{time.time_ns()}" obj = w.workspace.get_status(path=notebook_path) _ = w.permissions.get(request_object_type="notebooks", request_object_id="%d" % (obj.object_id))
Gets the permissions of an object. Objects can inherit permissions from their parent objects or root object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str The id of the request object.
- Returns:
- get_permission_levels(request_object_type: str, request_object_id: str) GetPermissionLevelsResponse¶
Usage:
import time from databricks.sdk import WorkspaceClient w = WorkspaceClient() notebook_path = f"/Users/{w.current_user.me().user_name}/sdk-{time.time_ns()}" obj = w.workspace.get_status(path=notebook_path) levels = w.permissions.get_permission_levels(request_object_type="notebooks", request_object_id="%d" % (obj.object_id))
Gets the permission levels that a user can have on an object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str
- Returns:
- set(request_object_type: str, request_object_id: str [, access_control_list: Optional[List[AccessControlRequest]]]) ObjectPermissions¶
Usage:
import time from databricks.sdk import WorkspaceClient from databricks.sdk.service import iam w = WorkspaceClient() notebook_path = f"/Users/{w.current_user.me().user_name}/sdk-{time.time_ns()}" group = w.groups.create(display_name=f"sdk-{time.time_ns()}") obj = w.workspace.get_status(path=notebook_path) _ = w.permissions.set( request_object_type="notebooks", request_object_id="%d" % (obj.object_id), access_control_list=[ iam.AccessControlRequest( group_name=group.display_name, permission_level=iam.PermissionLevel.CAN_RUN, ) ], ) # cleanup w.groups.delete(id=group.id)
Sets permissions on an object, replacing existing permissions if they exist. Deletes all direct permissions if none are specified. Objects can inherit permissions from their parent objects or root object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str The id of the request object.
access_control_list – List[
AccessControlRequest] (optional)
- Returns:
- update(request_object_type: str, request_object_id: str [, access_control_list: Optional[List[AccessControlRequest]]]) ObjectPermissions¶
Updates the permissions on an object. Objects can inherit permissions from their parent objects or root object.
- Parameters:
request_object_type – str The type of the request object. Can be one of the following: alerts, alertsv2, authorization, clusters, cluster-policies, dashboards, database-projects, dbsql-dashboards, directories, experiments, files, genie, instance-pools, jobs, knowledge-assistants, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, supervisor-agents, vector-search-endpoints, or warehouses.
request_object_id – str The id of the request object.
access_control_list – List[
AccessControlRequest] (optional)
- Returns: