vw_permissions
Creates, updates, deletes, gets or lists a vw_permissions resource.
Overview
| Name | vw_permissions |
| Type | View |
| Id | databricks_workspace.iam.vw_permissions |
Fields
The following fields are returned by this view:
| Name | Datatype | Description |
|---|---|---|
deployment_name | string | Workspace deployment name used to scope the query. |
request_object_type | string | Object type used to scope the permissions query (e.g. clusters, jobs, notebooks, directories). |
request_object_id | string | Object ID used to scope the permissions query. |
object_id | string | ID of the object whose permissions are being queried. |
object_type | string | Type of the object (e.g. clusters, jobs, notebooks, directories). |
display_name | string | Display name of the principal in this ACL entry. |
user_name | string | Username of the principal if the principal is a user. |
group_name | string | Group name of the principal if the principal is a group. |
service_principal_name | string | Application name of the principal if the principal is a service principal. |
permission_level | string | Permission level granted to the principal (one row per permission, e.g. CAN_VIEW, CAN_RUN, CAN_MANAGE, IS_OWNER). |
inherited | boolean | Whether this permission is inherited from a parent object. |
inherited_from_object | array | List of parent object paths from which this permission is inherited. |
Required Parameters
The following parameters are required by this view:
| Name | Datatype | Description |
|---|---|---|
deployment_name | string | Workspace deployment name used to scope the query. |
request_object_type | string | Object type used to scope the permissions query (e.g. clusters, jobs, notebooks, directories). |
request_object_id | string | Object ID used to scope the permissions query. |
SELECT Examples
SELECT
deployment_name,
request_object_type,
request_object_id,
object_id,
object_type,
display_name,
user_name,
group_name,
service_principal_name,
permission_level,
inherited,
inherited_from_object
FROM databricks_workspace.iam.vw_permissions
WHERE deployment_name = '{{ deployment_name }}'
AND request_object_type = '{{ request_object_type }}'
AND request_object_id = '{{ request_object_id }}';
SQL Definition
- Sqlite3
- Postgres
SELECT
p.deployment_name,
p.request_object_type,
p.request_object_id,
p.object_id,
p.object_type,
JSON_EXTRACT(acl.value, '$.display_name') AS display_name,
JSON_EXTRACT(acl.value, '$.user_name') AS user_name,
JSON_EXTRACT(acl.value, '$.group_name') AS group_name,
JSON_EXTRACT(acl.value, '$.service_principal_name') AS service_principal_name,
JSON_EXTRACT(perm.value, '$.permission_level') AS permission_level,
JSON_EXTRACT(perm.value, '$.inherited') AS inherited,
JSON_EXTRACT(perm.value, '$.inherited_from_object') AS inherited_from_object
FROM databricks_workspace.iam.permissions p,
JSON_EACH(p.access_control_list) acl,
JSON_EACH(JSON_EXTRACT(acl.value, '$.all_permissions')) perm
WHERE p.deployment_name = '{{ deployment_name }}'
AND p.request_object_type = '{{ request_object_type }}'
AND p.request_object_id = '{{ request_object_id }}'
SELECT
p.deployment_name,
p.request_object_type,
p.request_object_id,
p.object_id,
p.object_type,
acl.value->>'display_name' AS display_name,
acl.value->>'user_name' AS user_name,
acl.value->>'group_name' AS group_name,
acl.value->>'service_principal_name' AS service_principal_name,
perm.value->>'permission_level' AS permission_level,
(perm.value->>'inherited')::boolean AS inherited,
perm.value->'inherited_from_object' AS inherited_from_object
FROM databricks_workspace.iam.permissions p,
jsonb_array_elements(p.access_control_list::jsonb) AS acl,
jsonb_array_elements((acl.value->'all_permissions')::jsonb) AS perm
WHERE p.deployment_name = '{{ deployment_name }}'
AND p.request_object_type = '{{ request_object_type }}'
AND p.request_object_id = '{{ request_object_id }}'