Skip to main content
Last updated on

workspace-iam-v2 command group

note

This information applies to Databricks CLI versions 0.205 and above. The Databricks CLI is in Public Preview.

Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.

The workspace-iam-v2 command group within the Databricks CLI allows you to manage identities and workspace access. These APIs are used to manage identities and the workspace access of these identities in Databricks.

databricks workspace-iam-v2 get-workspace-access-detail-local

Get workspace access details for a principal in the current workspace.

databricks workspace-iam-v2 get-workspace-access-detail-local PRINCIPAL_ID [flags]

Arguments

PRINCIPAL_ID

    Required. The internal ID of the principal (user, service principal, or group) for which the access details are being requested.

Options

--view WorkspaceAccessDetailView

    Controls what fields are returned. Supported values: BASIC, FULL

Global flags

Examples

The following example gets basic workspace access details for a principal:

Bash
databricks workspace-iam-v2 get-workspace-access-detail-local 12345678

The following example gets full workspace access details:

Bash
databricks workspace-iam-v2 get-workspace-access-detail-local 12345678 --view FULL

databricks workspace-iam-v2 resolve-group-proxy

Resolve an external group in the Databricks account from the customer's IdP with the given external ID. If the group does not exist, it will be created in the account. Requires the customer to be onboarded onto Automatic Identity Management (AIM).

databricks workspace-iam-v2 resolve-group-proxy EXTERNAL_ID [flags]

Arguments

EXTERNAL_ID

    Required. The external ID of the group in the customer's IdP.

Options

--json JSON

    The inline JSON string or the @path to the JSON file with the request body.

Global flags

Examples

The following example resolves an external group:

Bash
databricks workspace-iam-v2 resolve-group-proxy "external-group-id-from-idp"

databricks workspace-iam-v2 resolve-service-principal-proxy

Resolve an external service principal in the Databricks account with the given external ID from the customer's IdP. If the service principal does not exist, it will be created. Requires the customer to be onboarded onto Automatic Identity Management (AIM).

databricks workspace-iam-v2 resolve-service-principal-proxy EXTERNAL_ID [flags]

Arguments

EXTERNAL_ID

    Required. The external ID of the service principal in the customer's IdP.

Options

--json JSON

    The inline JSON string or the @path to the JSON file with the request body.

Global flags

Examples

The following example resolves an external service principal:

Bash
databricks workspace-iam-v2 resolve-service-principal-proxy "external-sp-id-from-idp"

databricks workspace-iam-v2 resolve-user-proxy

Resolve an external user in the Databricks account with the given external ID from the customer's IdP. If the user does not exist, it will be created. Requires the customer to be onboarded onto Automatic Identity Management (AIM).

databricks workspace-iam-v2 resolve-user-proxy EXTERNAL_ID [flags]

Arguments

EXTERNAL_ID

    Required. The external ID of the user in the customer's IdP.

Options

--json JSON

    The inline JSON string or the @path to the JSON file with the request body.

Global flags

Examples

The following example resolves an external user:

Bash
databricks workspace-iam-v2 resolve-user-proxy "external-user-id-from-idp"

Global flags

--debug

  Whether to enable debug logging.

-h or --help

    Display help for the Databricks CLI or the related command group or the related command.

--log-file string

    A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.

--log-format format

    The log format type, text or json. The default value is text.

--log-level string

    A string representing the log format level. If not specified then the log format level is disabled.

-o, --output type

    The command output type, text or json. The default value is text.

-p, --profile string

    The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.

--progress-format format

    The format to display progress logs: default, append, inplace, or json

-t, --target string

    If applicable, the bundle target to use

On this page