account_iam
Creates, updates, deletes, gets or lists an account_iam resource.
Overview
| Name | account_iam |
|---|---|
| Type | Resource |
| Id | databricks_account.iamv2.account_iam |
Fields
The following fields are returned by SELECT queries:
- get_workspace_access_detail
| Name | Datatype | Description |
|---|---|---|
| account_id | string | The account ID parent of the workspace where the principal has access. |
| principal_id | integer | The internal ID of the principal (user/sp/group) in Databricks. |
| workspace_id | integer | The workspace ID where the principal has access. |
| access_type | string | The type of access the principal has to the workspace. (DIRECT, INDIRECT) |
| permissions | array | The permissions granted to the principal in the workspace. |
| principal_type | string | The type of the principal (user/sp/group). (GROUP, SERVICE_PRINCIPAL, USER) |
| status | string | The activity status of the principal in the workspace. Not applicable for groups at the moment. (ACTIVE, INACTIVE) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_workspace_access_detail | select | account_id, workspace_id, principal_id | view | Returns the access details for a principal in a workspace. Allows for checking access details for any |
| resolve_group | exec | account_id, external_id | | Resolves a group with the given external ID from the customer's IdP. If the group does not exist, it |
| resolve_service_principal | exec | account_id, external_id | | Resolves an SP with the given external ID from the customer's IdP. If the SP does not exist, it will |
| resolve_user | exec | account_id, external_id | | Resolves a user with the given external ID from the customer's IdP. If the user does not exist, it |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | |
| principal_id | integer | Required. The internal ID of the principal (user/sp/group) for which the access details are being requested. |
| workspace_id | integer | Required. The workspace ID for which the access details are being requested. |
| view | string | Controls what fields are returned. |
SELECT examples
- get_workspace_access_detail
Returns the access details for a principal in a workspace. Allows for checking access details for any
```sql
SELECT
  account_id,
  principal_id,
  workspace_id,
  access_type,
  permissions,
  principal_type,
  status
FROM databricks_account.iamv2.account_iam
WHERE account_id = '{{ account_id }}' -- required
  AND workspace_id = '{{ workspace_id }}' -- required
  AND principal_id = '{{ principal_id }}' -- required
  AND view = '{{ view }}'
;
```
Lifecycle Methods
- resolve_group

Resolves a group with the given external ID from the customer's IdP. If the group does not exist, it

```sql
EXEC databricks_account.iamv2.account_iam.resolve_group
@account_id='{{ account_id }}' --required
@@json=
'{
  "external_id": "{{ external_id }}"
}'
;
```

- resolve_service_principal

Resolves an SP with the given external ID from the customer's IdP. If the SP does not exist, it will

```sql
EXEC databricks_account.iamv2.account_iam.resolve_service_principal
@account_id='{{ account_id }}' --required
@@json=
'{
  "external_id": "{{ external_id }}"
}'
;
```

- resolve_user

Resolves a user with the given external ID from the customer's IdP. If the user does not exist, it

```sql
EXEC databricks_account.iamv2.account_iam.resolve_user
@account_id='{{ account_id }}' --required
@@json=
'{
  "external_id": "{{ external_id }}"
}'
;
```