Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.databricks.com/aws/en/admin/users-groups/users below:

Manage users | Databricks Documentation

This article explains how to add, update, and remove Databricks users.

For an overview of the Databricks identity model, see Databricks identities.

To manage access for users, see Authentication and access control.

To manage users in Databricks, you must be either an account admin or a workspace admin.

• Account admins can add users to the account and assign them admin roles. They can also assign users to workspaces and configure data access for them across workspaces, as long as those workspaces use identity federation.

• Workspace admins can add users to a Databricks workspace, assign them the workspace admin role, and manage access to objects and functionality in the workspace, such as the ability to create clusters or access specified persona-based environments. Adding a user to a Databricks workspace also adds them to the account.

  Workspace admins are members of the admins group in the workspace, which is a reserved group that cannot be deleted.

Account admins can sync users from an identity provider (IdP) to their Databricks account using a SCIM provisioning connector. For instructions, see Sync users and groups to your Databricks account.

• Account console
• Workspace admin settings

Account admins can add users to a Databricks account using the account console. Use this method when you want to add a user directly to an account without giving immediate access to any workspace. A user can't belong to more than 50 Databricks accounts.

1. Log in to the account console.
2. In the sidebar, click User management.
3. On the Users tab, click Add User.
4. Enter a name and email address for the user.
5. Click Add user.

After you add the user, you must separately assign them access to the workspace, data, and compute resources as needed.

Use this method to add a new user directly to a specific workspace. Adding a user to a workspace also adds them to the corresponding Databricks account.

1. As a workspace admin, log in to the Databricks workspace.
2. Click your username in the top bar of the Databricks workspace and select Settings.
3. Click on the Identity and access tab.
4. Next to Users, click Manage.
5. Click Add user.
6. Click Add new.
7. Enter an email address for the user.
8. Click Add.

Databricks sends a confirmation email to the user. They should receive the email within five minutes.

note

The User details page only displays roles that are directly assigned to the user. Roles inherited through group membership are active but their toggles are not shown as enabled in the UI.

1. As an account admin, log in to the account console.
2. In the sidebar, click User management.
3. Find and click the username.
4. On the Roles tab, select one or more roles.

Account admins and workspace admins can assign service principals to a Databricks workspace using the account console or the workspace admin settings page.

• Account console
• Workspace admin settings

To add users to a workspace using the account console, the workspace must be enabled for identity federation.

1. As an account admin, log in to the account console.
2. In the sidebar, click Workspaces.
3. Click your workspace name.
4. On the Permissions tab, click Add permissions.
5. Search for and select the user, assign the permission level (workspace User or Admin), and click Save.

1. As a workspace admin, log in to the Databricks workspace.
2. Click your username in the top bar of the Databricks workspace and select Settings.
3. Click on the Identity and access tab.
4. Next to Users, click Manage.
5. Click Add User.
6. Select an existing user to assign to the workspace or click Add new to create a new user.
7. Click Add.

When a user is removed from a workspace, the user can no longer access the workspace, however permissions are maintained on the user. If the user is later added back to the workspace, they regain their previous permissions.

• Account console
• Workspace admin settings

To remove users from a workspace using the account console, the workspace must be enabled for identity federation.

1. As an account admin, log in to the account console.
2. In the sidebar, click Workspaces.
3. Click your workspace name.
4. On the Permissions tab, find the user.
5. Click the kebab menu at the far right of the user row and select Remove.
6. On the confirmation dialog, click Remove.

1. As a workspace admin, log in to the Databricks workspace.
2. Click your username in the top bar of the Databricks workspace and select Settings.
3. Click on the Identity and access tab.
4. Next to Users, click Manage.
5. Find the user and kebab menu at the far right of the user row and select Remove.
6. Click Delete to confirm.

1. As a workspace admin, log in to the Databricks workspace.
2. Click your username in the top bar of the Databricks workspace and select Settings.
3. Click on the Identity and access tab.
4. Next to Users, click Manage.
5. Select the user.
6. Under Entitlements, turn on Admin access.

To remove the workspace admin role from a workspace user, perform the same steps, but clear the Admin access toggle.

You can deactivate a user at either the account or workspace level.

Account admins can deactivate users across a Databricks account. Deactivation prevents the user from authenticating and accessing the account, workspaces, or Databricks APIs, but does not remove its permissions or objects. This is preferable to removal, which is a destructive action.

Effects of deactivation:

• The user cannot authenticate or access the Databricks UI or APIs.
• Applications or scripts that use the tokens generated by the user are no longer able to access the Databricks API. The tokens remain but cannot be used to authenticate while a user is deactivated.
• Compute resources owned by the user remain running.
• Scheduled jobs created by the user fail unless they are assigned to a new owner.

When reactivated, the user regains access with the same permissions.

• Account level deactivation
• Workspace level deactivation

Account admins can deactivate a user across the a Databricks account. When a user is deactivated at the account-level they cannot authenticate to the Databricks account or to any workspaces in the account.

You cannot deactivate a user using the account console. Instead, use the Account Users API. For example:

Bash

curl --netrc -X PATCH \
https://${DATABRICKS_HOST}/api/2.1/accounts/{account_id}/scim/v2/Users/{id} \
--header 'Content-type: application/scim+json' \
--data @update-user.json \
| jq .

update-user.json:

JSON

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "active",
      "value": [
        {
          "value": "false"
        }
      ]
    }
  ]
}

When a user is deactivated at the workspace-level, they cannot authenticate to that specific workspace, but they can still authenticate to the account and other workspaces in the account.

You cannot deactivate a user using the workspace admin settings page. Instead, use the Workspace Users API. For example:

Bash

curl --netrc -X PATCH \
https://<databricks-instance>/api/2.0/preview/scim/v2/Users/<user-id> \
--header 'Content-type: application/scim+json' \
--data @update-user.json \
| jq .

update-user.json:

JSON

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "active",
      "value": [
        {
          "value": "false"
        }
      ]
    }
  ]
}

Account admins can delete users from a Databricks account. Workspace admins cannot. When you delete a user from the account, that user is also removed from their workspaces. If you remove a user using the account console, you must ensure that you also remove the user using any SCIM provisioning connectors or SCIM API applications that have been set up for the account. If you don't, SCIM provisioning adds the user back the next time it syncs. See Sync users and groups from your identity provider using SCIM.

important

When you remove a user from the account, that user is also removed from their workspaces, regardless of whether or not identity federation has been enabled. We recommend that you refrain from deleting account-level users unless you want them to lose access to all workspaces in the account. Be aware of the following consequences of deleting users:

• Applications or scripts that use the tokens generated by the user can no longer access Databricks APIs.
• Jobs owned by the user fail.
• Clusters owned by the user stop.
• Libraries installed by that user are invalid and must be reinstalled.
• Queries or dashboards created by the user and shared using the Run as Owner credential have to be assigned to a new owner to prevent sharing from failing.

When a user is removed from an account, the user can no longer access the account or their workspaces, however permissions are maintained on the user. If the user is later added back to the account, they regain their previous permissions.

To remove a user using the account console, do the following:

1. As an account admin, log in to the account console.
2. In the sidebar, click User management.
3. Find and click the username.
4. On the User Information tab, click the kebab menu in the upper-right corner and select Delete.
5. On the confirmation dialog, click Confirm delete.

Account admins and workspace admins can manage users in the Databricks account and workspaces using Databricks APIs.

Admins can add and manage users in the Databricks account using the Account Users API. Account admins and workspace admins invoke the API using a different endpoint URL:

• Account admins use {account-domain}/api/2.1/accounts/{account_id}/scim/v2/.
• Workspace admins use {workspace-domain}/api/2.0/account/scim/v2/.

For details, see the Account Users API.

Account and workspace admins can use the Workspace Assignment API to assign users to workspaces enabled for identity federation. The Workspace Assignment API is supported through the Databricks account and workspaces.

• Account admins use {account-domain}/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments.
• Workspace admins use {workspace-domain}/api/2.0/preview/permissionassignments/principals/{user_id}.

See Workspace Assignment API.

If your workspace is not enabled for identity federation, a workspace admin can use the workspace-level APIs to assign users to their workspaces. See Workspace Users API.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4