11openapi : 3.0.0
22info :
33 title : Databricks Iamv2 API (workspace)
4- description : >-
5- OpenAPI specification for the Databricks iamv2 service (workspace-level
6- APIs), generated from the Databricks Python SDK.
4+ description : OpenAPI specification for the Databricks iamv2 service (workspace-level APIs), generated from the Databricks
5+ Python SDK.
76 version : 0.1.0
87 x-stackql-sdk-version : 0.86.0
98 x-stackql-date-generated : ' 2026-02-19'
109 x-stackql-sdk-namespace : databricks.sdk.service.iamv2
1110servers :
12- - url : https://{deployment_name}.cloud.databricks.com
13- variables :
14- deployment_name :
15- description : The Databricks Workspace Deployment Name
16- default : dbc-abcd0123-a1bc
11+ - url : https://{deployment_name}.cloud.databricks.com
12+ variables :
13+ deployment_name :
14+ description : The Databricks Workspace Deployment Name
15+ default : dbc-abcd0123-a1bc
1716paths :
1817 /api/2.0/identity/workspaceAccessDetails/{principal_id} :
1918 get :
2019 operationId : workspace_iam_v2_get_workspace_access_detail_local
21- summary : >-
22- Returns the access details for a principal in the current workspace.
23- Allows for checking access
20+ summary : Returns the access details for a principal in the current workspace. Allows for checking access
2421 tags :
25- - iamv2
26- - workspace_iam_v2
27- description : >-
28- Returns the access details for a principal in the current workspace.
29- Allows for checking access
30-
31- details for any provisioned principal (user, service principal, or
32- group) in the current workspace. *
33-
34- Provisioned principal here refers to one that has been synced into
35- Databricks from the customer's IdP
36-
37- or added explicitly to Databricks via SCIM/UI. Allows for passing in a
38- "view" parameter to control
39-
22+ - iamv2
23+ - workspace_iam_v2
24+ description : |-
25+ Returns the access details for a principal in the current workspace. Allows for checking access
26+ details for any provisioned principal (user, service principal, or group) in the current workspace. *
27+ Provisioned principal here refers to one that has been synced into Databricks from the customer's IdP
28+ or added explicitly to Databricks via SCIM/UI. Allows for passing in a "view" parameter to control
4029 what fields are returned (BASIC by default or FULL).
4130
42-
4331 :param principal_id: int
4432 Required. The internal ID of the principal (user/sp/group) for which the access details are being
4533 requested.
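Review bot: The single-line `summary` for `workspace_iam_v2_get_workspace_access_detail_local` (new line 20) still ends mid-sentence at "Allows for checking access", so generated docs will show a truncated summary. End it at the first full stop ("Returns the access details for a principal in the current workspace.") and leave the rest to `description`. The description also carries a stray " *" after "in the current workspace." on new line 26, and with the move from `>-` to `|-` that character and the hard line breaks are now preserved verbatim.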
@@ -48,20 +36,18 @@ paths:
4836
4937 :returns: :class:`WorkspaceAccessDetail`
5038 parameters :
51- - name : principal_id
52- in : path
53- required : true
54- schema :
55- type : integer
56- description : >-
57- Required. The internal ID of the principal (user/sp/group) for which
58- the access details are being requested.
59- - name : view
60- in : query
61- required : false
62- schema :
63- type : string
64- description : Controls what fields are returned.
39+ - name : principal_id
40+ in : path
41+ required : true
42+ schema :
43+ type : integer
44+ description : Required. The internal ID of the principal (user/sp/group) for which the access details are being requested.
45+ - name : view
46+ in : query
47+ required : false
48+ schema :
49+ type : string
50+ description : Controls what fields are returned.
6551 responses :
6652 ' 200 ' :
6753 description : Success
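Review bot: The `view` query parameter (new lines 45-50) is declared as a free-form `type : string`, although the operation description says it takes BASIC or FULL and the spec defines `WorkspaceAccessDetailView` under components. Point the parameter schema at `#/components/schemas/WorkspaceAccessDetailView` so clients see the allowed values and a mistyped value is caught before the request is sent.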
@@ -84,22 +70,15 @@ paths:
8470 /api/2.0/identity/groups/resolveByExternalId :
8571 post :
8672 operationId : workspace_iam_v2_resolve_group_proxy
87- summary : >-
88- Resolves a group with the given external ID from the customer's IdP. If
89- the group does not exist, it
73+ summary : Resolves a group with the given external ID from the customer's IdP. If the group does not exist, it
9074 tags :
91- - iamv2
92- - workspace_iam_v2
93- description : >-
94- Resolves a group with the given external ID from the customer's IdP. If
95- the group does not exist, it
96-
97- will be created in the account. If the customer is not onboarded onto
98- Automatic Identity Management
99-
75+ - iamv2
76+ - workspace_iam_v2
77+ description : |-
78+ Resolves a group with the given external ID from the customer's IdP. If the group does not exist, it
79+ will be created in the account. If the customer is not onboarded onto Automatic Identity Management
10080 (AIM), this will return an error.
10181
102-
10382 :param external_id: str
10483 Required. The external ID of the group in the customer's IdP.
10584
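Review bot: The `summary` for `workspace_iam_v2_resolve_group_proxy` (new line 73) is cut off at "If the group does not exist, it", which drops the part a caller most needs to see: per the description, this POST creates the group in the account when no match is found. Use a complete sentence that states the create-on-miss behaviour, for example "Resolves a group by external ID from the customer's IdP, creating it if it does not exist." The same truncation appears in the summaries of the service principal and user resolve operations further down.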
@@ -112,11 +91,9 @@ paths:
11291 properties :
11392 external_id :
11493 type : string
115- description : >-
116- Required. The external ID of the group in the customer's
117- IdP.
94+ description : Required. The external ID of the group in the customer's IdP.
11895 required :
119- - external_id
96+ - external_id
12097 responses :
12198 ' 200 ' :
12299 description : Success
@@ -139,22 +116,15 @@ paths:
139116 /api/2.0/identity/servicePrincipals/resolveByExternalId :
140117 post :
141118 operationId : workspace_iam_v2_resolve_service_principal_proxy
142- summary : >-
143- Resolves an SP with the given external ID from the customer's IdP. If
144- the SP does not exist, it will
119+ summary : Resolves an SP with the given external ID from the customer's IdP. If the SP does not exist, it will
145120 tags :
146- - iamv2
147- - workspace_iam_v2
148- description : >-
149- Resolves an SP with the given external ID from the customer's IdP. If
150- the SP does not exist, it will
151-
152- be created. If the customer is not onboarded onto Automatic Identity
153- Management (AIM), this will
154-
121+ - iamv2
122+ - workspace_iam_v2
123+ description : |-
124+ Resolves an SP with the given external ID from the customer's IdP. If the SP does not exist, it will
125+ be created. If the customer is not onboarded onto Automatic Identity Management (AIM), this will
155126 return an error.
156127
157-
158128 :param external_id: str
159129 Required. The external ID of the service principal in the customer's IdP.
160130
@@ -167,11 +137,9 @@ paths:
167137 properties :
168138 external_id :
169139 type : string
170- description : >-
171- Required. The external ID of the service principal in the
172- customer's IdP.
140+ description : Required. The external ID of the service principal in the customer's IdP.
173141 required :
174- - external_id
142+ - external_id
175143 responses :
176144 ' 200 ' :
177145 description : Success
@@ -194,22 +162,15 @@ paths:
194162 /api/2.0/identity/users/resolveByExternalId :
195163 post :
196164 operationId : workspace_iam_v2_resolve_user_proxy
197- summary : >-
198- Resolves a user with the given external ID from the customer's IdP. If
199- the user does not exist, it
165+ summary : Resolves a user with the given external ID from the customer's IdP. If the user does not exist, it
200166 tags :
201- - iamv2
202- - workspace_iam_v2
203- description : >-
204- Resolves a user with the given external ID from the customer's IdP. If
205- the user does not exist, it
206-
207- will be created. If the customer is not onboarded onto Automatic
208- Identity Management (AIM), this will
209-
167+ - iamv2
168+ - workspace_iam_v2
169+ description : |-
170+ Resolves a user with the given external ID from the customer's IdP. If the user does not exist, it
171+ will be created. If the customer is not onboarded onto Automatic Identity Management (AIM), this will
210172 return an error.
211173
212-
213174 :param external_id: str
214175 Required. The external ID of the user in the customer's IdP.
215176
@@ -224,7 +185,7 @@ paths:
224185 type : string
225186 description : Required. The external ID of the user in the customer's IdP.
226187 required :
227- - external_id
188+ - external_id
228189 responses :
229190 ' 200 ' :
230191 description : Success
@@ -297,9 +258,7 @@ components:
297258 description : ExternalId of the service principal in the customer's IdP.
298259 internal_id :
299260 type : integer
300- description : >-
301- Internal service principal ID of the service principal in
302- Databricks.
261+ description : Internal service principal ID of the service principal in Databricks.
303262 description : The details of a ServicePrincipal resource.
304263 User :
305264 type : object
@@ -336,9 +295,7 @@ components:
336295 $ref : ' #/components/schemas/WorkspaceAccessDetailAccessType'
337296 account_id :
338297 type : string
339- description : >-
340- The account ID parent of the workspace where the principal has
341- access.
298+ description : The account ID parent of the workspace where the principal has access.
342299 permissions :
343300 type : array
344301 items :
@@ -351,47 +308,41 @@ components:
351308 $ref : ' #/components/schemas/PrincipalType'
352309 status :
353310 $ref : ' #/components/schemas/State'
354- description : >-
355- The activity status of the principal in the workspace. Not
356- applicable for groups at the moment.
311+ description : The activity status of the principal in the workspace. Not applicable for groups at the moment.
357312 workspace_id :
358313 type : integer
359314 description : The workspace ID where the principal has access.
360315 description : The details of a principal's access to a workspace.
361316 PrincipalType :
362317 type : string
363318 x-enum :
364- - GROUP
365- - SERVICE_PRINCIPAL
366- - USER
319+ - GROUP
320+ - SERVICE_PRINCIPAL
321+ - USER
367322 description : The type of the principal (user/sp/group).
368323 State :
369324 type : string
370325 x-enum :
371- - ACTIVE
372- - INACTIVE
373- description : >-
374- The activity status of a user or service principal in a Databricks
375- account or workspace.
326+ - ACTIVE
327+ - INACTIVE
328+ description : The activity status of a user or service principal in a Databricks account or workspace.
376329 WorkspaceAccessDetailAccessType :
377330 type : string
378331 x-enum :
379- - DIRECT
380- - INDIRECT
332+ - DIRECT
333+ - INDIRECT
381334 description : The type of access the principal has to the workspace.
382335 WorkspaceAccessDetailView :
383336 type : string
384337 x-enum :
385- - BASIC
386- - FULL
387- description : >-
388- Controls what fields are returned in the GetWorkspaceAccessDetail
389- response.
338+ - BASIC
339+ - FULL
340+ description : Controls what fields are returned in the GetWorkspaceAccessDetail response.
390341 WorkspacePermission :
391342 type : string
392343 x-enum :
393- - ADMIN_PERMISSION
394- - USER_PERMISSION
344+ - ADMIN_PERMISSION
345+ - USER_PERMISSION
395346 description : The type of permission a principal has to a workspace (admin/user).
396347 x-stackQL-resources :
397348 workspace_iam_v2 :
@@ -401,8 +352,7 @@ components:
401352 methods :
402353 get_workspace_access_detail_local :
403354 operation :
404- $ref : >-
405- #/paths/~1api~12.0~1identity~1workspaceAccessDetails~1{principal_id}/get
355+ $ref : ' #/paths/~1api~12.0~1identity~1workspaceAccessDetails~1{principal_id}/get'
406356 response :
407357 mediaType : application/json
408358 openAPIDocKey : ' 200'
@@ -420,8 +370,7 @@ components:
420370 requestBodyTranslate :
421371 algorithm : naive
422372 operation :
423- $ref : >-
424- #/paths/~1api~12.0~1identity~1servicePrincipals~1resolveByExternalId/post
373+ $ref : ' #/paths/~1api~12.0~1identity~1servicePrincipals~1resolveByExternalId/post'
425374 response :
426375 mediaType : application/json
427376 openAPIDocKey : ' 200'
@@ -436,12 +385,74 @@ components:
436385 openAPIDocKey : ' 200'
437386 sqlVerbs :
438387 select :
439- - $ref : >-
440- #/components/x-stackQL-resources/workspace_iam_v2/methods/get_workspace_access_detail_local
388+ - $ref : ' #/components/x-stackQL-resources/workspace_iam_v2/methods/get_workspace_access_detail_local'
441389 insert : []
442390 update : []
443391 delete : []
444392 replace : []
393+ vw_workspace_access_details :
394+ name : vw_workspace_access_details
395+ id : databricks_workspace.iamv2.vw_workspace_access_details
396+ config :
397+ docs :
398+ fields :
399+ - name : deployment_name
400+ type : string
401+ description : Workspace deployment name used to scope the query.
402+ - name : principal_id
403+ type : string
404+ description : Unique identifier of the principal whose workspace access is being queried.
405+ - name : principal_type
406+ type : string
407+ description : Type of the principal (e.g. USER, GROUP, SERVICE_PRINCIPAL).
408+ - name : access_type
409+ type : string
410+ description : How the principal was granted access to the workspace (e.g. DIRECT, ACCOUNT_ADMIN).
411+ - name : status
412+ type : string
413+ description : Current access status of the principal on the workspace (e.g. ACTIVE).
414+ - name : account_id
415+ type : string
416+ description : Databricks account ID that owns the workspace.
417+ - name : workspace_id
418+ type : integer
419+ description : Numeric identifier of the workspace.
420+ - name : permission
421+ type : string
422+ description : Permission level granted to the principal on the workspace (one row per permission, e.g. USER, ADMIN).
423+ views :
424+ select :
425+ predicate : sqlDialect == "sqlite3"
426+ ddl : |-
427+ SELECT
428+ wa.deployment_name,
429+ wa.principal_id,
430+ wa.principal_type,
431+ wa.access_type,
432+ wa.status,
433+ wa.account_id,
434+ wa.workspace_id,
435+ p.value AS permission
436+ FROM databricks_workspace.iamv2.workspace_iam_v2 wa,
437+ JSON_EACH(wa.permissions) p
438+ WHERE wa.deployment_name = '{{ deployment_name }}'
439+ AND wa.principal_id = '{{ principal_id }}'
440+ fallback :
441+ predicate : sqlDialect == "postgres"
442+ ddl : |-
443+ SELECT
444+ wa.deployment_name,
445+ wa.principal_id,
446+ wa.principal_type,
447+ wa.access_type,
448+ wa.status,
449+ wa.account_id,
450+ wa.workspace_id,
451+ p.value AS permission
452+ FROM databricks_workspace.iamv2.workspace_iam_v2 wa,
453+ jsonb_array_elements(wa.permissions::jsonb) AS p
454+ WHERE wa.deployment_name = '{{ deployment_name }}'
455+ AND wa.principal_id = '{{ principal_id }}'
445456x-stackQL-config :
446457 pagination :
447458 requestToken :
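Review bot: The example values in the `vw_workspace_access_details` field docs do not match the enums defined in this spec: `access_type` lists "DIRECT, ACCOUNT_ADMIN" where `WorkspaceAccessDetailAccessType` has DIRECT and INDIRECT, and `permission` lists "USER, ADMIN" where `WorkspacePermission` has ADMIN_PERMISSION and USER_PERMISSION. Anyone writing an access review filter from these docs (for example `permission = 'ADMIN'`) would get zero rows back without an error, so align the examples with the enum values. Separately, `principal_id` is documented as `type : string` and compared as a quoted literal in both DDL variants, while the path parameter is `type : integer`; use one type throughout. It is also worth confirming how `{{ deployment_name }}` and `{{ principal_id }}` are escaped before they are substituted inside the single-quoted literals. Finally, the view does not set `view`, which the operation says defaults to BASIC; if `permissions` is only returned under FULL, the join over the array will yield no rows.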