turbot/databricks
steampipe plugin install databricks

Table: databricks_iam_account_group - Query Databricks IAM Account Groups using SQL

Databricks IAM Account Groups represent a collection of Databricks IAM users, roles, and other groups. They are utilized to manage permissions and access to Databricks resources. Account groups streamline the process of granting and revoking access, making it easier to manage security and access control.

Table Usage Guide

The databricks_iam_account_group table provides insights into IAM account groups within Databricks. As a security engineer, you can explore group-specific details through this table, including member lists, access controls, and associated metadata. Utilize it to understand the configuration of access controls, identify groups with excessive permissions, and verify the proper assignment of users and roles.

Examples

Basic info

Explore which account groups are associated with specific account IDs to manage and organize your Databricks IAM resources more effectively. This can help in understanding the structure of your account and its security settings.

    select
      id,
      display_name,
      account_id
    from
      databricks_iam_account_group;

List all members of a specific group

Explore which members belong to a particular group. This can be useful in managing access controls and understanding group composition within the Databricks IAM account.

Postgres:

    select
      g.id,
      g.display_name,
      m ->> 'display' as member_display_name,
      m ->> 'value' as member_id,
      m ->> 'type' as member_type,
      g.account_id
    from
      databricks_iam_account_group g,
      jsonb_array_elements(g.members) m
    where
      g.display_name = 'dev';

SQLite:

    select
      g.id,
      g.display_name,
      json_extract(m.value, '$.display') as member_display_name,
      json_extract(m.value, '$.value') as member_id,
      json_extract(m.value, '$.type') as member_type,
      g.account_id
    from
      databricks_iam_account_group g,
      json_each(g.members) m
    where
      g.display_name = 'dev';

List all members that are users in a specific group

List only the members of a specific group that are users, by filtering on each member's $ref. This is useful in managing user access and permissions in a more organized manner.

Postgres:

    select
      g.id,
      g.display_name,
      m ->> 'display' as member_display_name,
      m ->> 'value' as member_id,
      m ->> 'type' as member_type,
      g.account_id
    from
      databricks_iam_account_group g,
      jsonb_array_elements(g.members) m
    where
      g.display_name = 'dev'
      and m ->> '$ref' like 'User%';

SQLite:

    select
      g.id,
      g.display_name,
      json_extract(m.value, '$.display') as member_display_name,
      json_extract(m.value, '$.value') as member_id,
      json_extract(m.value, '$.type') as member_type,
      g.account_id
    from
      databricks_iam_account_group g,
      json_each(g.members) m
    where
      g.display_name = 'dev'
      and json_extract(m.value, '$.$ref') like 'User%';

List all members that are groups in a specific group

This example helps you identify all the groups that are part of a specific group within your organization. It can be useful for understanding the structure and hierarchy of your group memberships.

Postgres:

    select
      g.id,
      g.display_name,
      m ->> 'display' as member_display_name,
      m ->> 'value' as member_id,
      m ->> 'type' as member_type,
      g.account_id
    from
      databricks_iam_account_group g,
      jsonb_array_elements(g.members) m
    where
      g.display_name = 'dev'
      and m ->> '$ref' like 'Group%';

SQLite:

    select
      g.id,
      g.display_name,
      json_extract(m.value, '$.display') as member_display_name,
      json_extract(m.value, '$.value') as member_id,
      json_extract(m.value, '$.type') as member_type,
      g.account_id
    from
      databricks_iam_account_group g,
      json_each(g.members) m
    where
      g.display_name = 'dev'
      and json_extract(m.value, '$.$ref') like 'Group%';
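
Added example (not part of the original plugin documentation): when groups are nested, the direct member list understates who actually holds a group's access. This Postgres query expands nested groups recursively to list every non-group member that effectively belongs to dev, with the path through which membership is inherited. The depth cap of 10 and the 'Group%' match on $ref (taken from the queries above) are assumptions.

```sql
with recursive all_groups as materialized (
  -- Read the table once so the recursion does not re-query the API per level.
  select id, display_name, members
  from databricks_iam_account_group
),
nested as (
  -- Anchor: direct members of the group under review.
  select
    g.display_name    as root_group,
    m ->> 'value'     as member_id,
    m ->> 'display'   as member_display_name,
    m ->> '$ref'      as member_ref,
    g.display_name    as membership_path,
    1                 as depth
  from
    all_groups g,
    jsonb_array_elements(g.members) m
  where
    g.display_name = 'dev'
  union all
  -- Recursive step: for each member that is itself a group, pull in its members.
  select
    n.root_group,
    m ->> 'value',
    m ->> 'display',
    m ->> '$ref',
    n.membership_path || ' > ' || child.display_name,
    n.depth + 1
  from
    nested n
    join all_groups child on child.id = n.member_id
    cross join lateral jsonb_array_elements(child.members) m
  where
    n.member_ref like 'Group%'
    and n.depth < 10  -- assumed cap; guards against cyclic nesting
)
select
  root_group,
  member_display_name,
  member_id,
  member_ref,
  membership_path,
  depth
from nested
where member_ref not like 'Group%'  -- keep users and other non-group principals
order by depth, member_display_name;
```

Rows with depth greater than 1 are members who do not appear in the direct member list of dev but still inherit its access.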

List all the entitlements associated to a particular account group

Review the entitlements granted to a particular account group, here the group named dev, to identify the access privileges it carries. This is useful for managing and monitoring access controls within your Databricks environment.

Postgres:

    select
      id,
      display_name,
      account_id,
      jsonb_pretty(entitlements) as entitlements
    from
      databricks_iam_account_group
    where
      display_name = 'dev';

SQLite:

    select
      id,
      display_name,
      account_id,
      entitlements
    from
      databricks_iam_account_group
    where
      display_name = 'dev';

Schema for databricks_iam_account_group

Name          Type   Operators  Description
_ctx          jsonb             Steampipe context in JSON form, e.g. connection_name.
account_id    text              The Databricks Account ID in which the resource is located.
display_name  text   =, !=      Human-readable name of the group.
entitlements  jsonb             All the entitlements associated with the group.
external_id   text              External id of the group.
groups        jsonb             All the groups the group belongs to.
id            text   =          Databricks group id.
members       jsonb             Members of the group.
meta          jsonb             Container for the group identifier. Workspace local versus account.
roles         jsonb             All the roles associated with the group.
title         text              The title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- databricks

You can pass the configuration to the command with the --config argument:

steampipe_export_databricks --config '<your_config>' databricks_iam_account_group