Nóta
Teastaíonn údarú chun rochtain a fháil ar an leathanach seo. Is féidir leat triail a bhaint as shíniú isteach nó eolairí a athrú.
Teastaíonn údarú chun rochtain a fháil ar an leathanach seo. Is féidir leat triail a bhaint as eolairí a athrú.
Note
Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.
The account access-control command group within the Databricks CLI contains commands to manage access rules on resources in an account.
databricks account access-control get-assignable-roles-for-resource
Get all the roles that can be granted on an account level resource. A role is grantable if the rule set on the resource can contain an access rule of the role.
databricks account access-control get-assignable-roles-for-resource RESOURCE [flags]
Arguments
RESOURCE
The resource name for which assignable roles will be listed, for example:
resource=accounts/<ACCOUNT_ID>- A resource name for the accountresource=accounts/<ACCOUNT_ID>/groups/<GROUP_ID>- A resource name for the groupresource=accounts/<ACCOUNT_ID>/servicePrincipals/<SP_ID>- A resource name for the service principalresource=accounts/<ACCOUNT_ID>/tagPolicies/<TAG_POLICY_ID>- A resource name for the tag policy
Options
Examples
The following example gets assignable roles for an account resource:
databricks account access-control get-assignable-roles-for-resource "resource=accounts/12345"
The following example gets assignable roles for a group resource:
databricks account access-control get-assignable-roles-for-resource "resource=accounts/12345/groups/67890"
databricks account access-control get-rule-set
Get a rule set by its name. A rule set is always attached to a resource and contains a list of access rules on the said resource. Currently only a default rule set for each resource is supported.
databricks account access-control get-rule-set NAME ETAG [flags]
Arguments
NAME
The ruleset name associated with the request, for example:
name=accounts/<ACCOUNT_ID>/ruleSets/default- A name for a rule set on the accountname=accounts/<ACCOUNT_ID>/groups/<GROUP_ID>/ruleSets/default- A name for a rule set on the groupname=accounts/<ACCOUNT_ID>/servicePrincipals/<SERVICE_PRINCIPAL_APPLICATION_ID>/ruleSets/default- A name for a rule set on the service principalname=accounts/<ACCOUNT_ID>/tagPolicies/<TAG_POLICY_ID>/ruleSets/default- A name for a rule set on the tag policy
ETAG
Etag used for versioning. The response is at least as fresh as the eTag provided. Etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a rule set from overwriting each other. It is strongly suggested that systems make use of the etag in the read → modify → write pattern to perform rule set updates in order to avoid race conditions that is get an etag from a GET rule set request, and pass it with the PUT update request to identify the rule set version you are updating, for example:
etag=- An empty etag can only be used in GET to indicate no freshness requirementsetag=RENUAAABhSweA4NvVmmUYdiU717H3Tgy0UJdor3gE4a+mq/oj9NjAf8ZsQ==- An etag encoded a specific version of the rule set to get or to be updated
Options
Examples
The following example gets a rule set for an account with no freshness requirements:
databricks account access-control get-rule-set "name=accounts/12345/ruleSets/default" ""
The following example gets a rule set with a specific etag version:
databricks account access-control get-rule-set "name=accounts/12345/ruleSets/default" "RENUAAABhSweA4NvVmmUYdiU717H3Tgy0UJdor3gE4a+mq/oj9NjAf8ZsQ=="
databricks account access-control update-rule-set
Replace the rules of a rule set. First, use get to read the current version of the rule set before modifying it. This pattern helps prevent conflicts between concurrent updates.
databricks account access-control update-rule-set [flags]
Options
--json JSON
The inline JSON string or the @path to the JSON file with the request body
Examples
The following example updates a rule set using JSON:
databricks account access-control update-rule-set --json '{"name": "accounts/12345/ruleSets/default", "grant_rules": [{"role": "roles/account.admin", "principals": [{"principal": "users/user@example.com"}]}], "etag": "RENUAAABhSweA4NvVmmUYdiU717H3Tgy0UJdor3gE4a+mq/oj9NjAf8ZsQ=="}'
The following example updates a rule set using a JSON file:
databricks account access-control update-rule-set --json @rule-set.json
Global flags
--debug
Whether to enable debug logging.
-h or --help
Display help for the Databricks CLI or the related command group or the related command.
--log-file string
A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.
--log-format format
The log format type, text or json. The default value is text.
--log-level string
A string representing the log format level. If not specified then the log format level is disabled.
-o, --output type
The command output type, text or json. The default value is text.
-p, --profile string
The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.
--progress-format format
The format to display progress logs: default, append, inplace, or json
-t, --target string
If applicable, the bundle target to use