workspace_iam_v2
Creates, updates, deletes, gets or lists a workspace_iam_v2 resource.
Overview
| Name | workspace_iam_v2 |
| Type | Resource |
| Id | databricks_workspace.iamv2.workspace_iam_v2 |
Fields
The following fields are returned by SELECT queries:
- get_workspace_access_detail_local
| Name | Datatype | Description |
|---|---|---|
| account_id | string | The account ID parent of the workspace where the principal has access. |
| principal_id | integer | The internal ID of the principal (user/sp/group) in Databricks. |
| workspace_id | integer | The workspace ID where the principal has access. |
| access_type | string | The type of access the principal has to the workspace. (DIRECT, INDIRECT) |
| permissions | array | The permissions granted to the principal in the workspace. |
| principal_type | string | The type of the principal (user/sp/group). (GROUP, SERVICE_PRINCIPAL, USER) |
| status | string | The activity status of the principal in the workspace. Not applicable for groups at the moment. (ACTIVE, INACTIVE) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_workspace_access_detail_local | select | principal_id, deployment_name | view | Returns the access details for a principal in the current workspace. Allows for checking access |
| resolve_group_proxy | exec | deployment_name, external_id | | Resolves a group with the given external ID from the customer's IdP. If the group does not exist, it |
| resolve_service_principal_proxy | exec | deployment_name, external_id | | Resolves an SP with the given external ID from the customer's IdP. If the SP does not exist, it will |
| resolve_user_proxy | exec | deployment_name, external_id | | Resolves a user with the given external ID from the customer's IdP. If the user does not exist, it |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| deployment_name | string | The Databricks Workspace Deployment Name (default: dbc-abcd0123-a1bc) |
| principal_id | integer | Required. The internal ID of the principal (user/sp/group) for which the access details are being requested. |
| view | string | Controls what fields are returned. |
SELECT examples
- get_workspace_access_detail_local
Returns the access details for a principal in the current workspace. Allows for checking access
```sql
SELECT
  account_id,
  principal_id,
  workspace_id,
  access_type,
  permissions,
  principal_type,
  status
FROM databricks_workspace.iamv2.workspace_iam_v2
WHERE principal_id = '{{ principal_id }}' -- required
  AND deployment_name = '{{ deployment_name }}' -- required
  AND view = '{{ view }}'
;
```
Lifecycle Methods
- resolve_group_proxy

Resolves a group with the given external ID from the customer's IdP. If the group does not exist, it

```sql
EXEC databricks_workspace.iamv2.workspace_iam_v2.resolve_group_proxy
@deployment_name='{{ deployment_name }}' --required
@@json=
'{
  "external_id": "{{ external_id }}"
}'
;
```

- resolve_service_principal_proxy

Resolves an SP with the given external ID from the customer's IdP. If the SP does not exist, it will

```sql
EXEC databricks_workspace.iamv2.workspace_iam_v2.resolve_service_principal_proxy
@deployment_name='{{ deployment_name }}' --required
@@json=
'{
  "external_id": "{{ external_id }}"
}'
;
```

- resolve_user_proxy

Resolves a user with the given external ID from the customer's IdP. If the user does not exist, it

```sql
EXEC databricks_workspace.iamv2.workspace_iam_v2.resolve_user_proxy
@deployment_name='{{ deployment_name }}' --required
@@json=
'{
  "external_id": "{{ external_id }}"
}'
;
```