turbot/databricks
steampipe plugin install databricks

Table: databricks_iam_current_user - Query Databricks IAM Users using SQL

Databricks Identity and Access Management (IAM) is a web service that helps you securely control access to Databricks resources. It provides authentication, authorization, and audit for your Databricks environment. IAM ensures that only authenticated and authorized users are able to access your Databricks resources.

Table Usage Guide

The databricks_iam_current_user table provides insights into the current user within Databricks IAM. As a security analyst, explore user-specific details through this table, including user roles, permissions, and associated metadata. Utilize it to uncover information about the current user, such as their roles and permissions, to verify security configurations and ensure adherence to best practices.

Examples

Basic info

Explore the current user's basic information in Databricks to gain insights into their activity status and associated account. This can be useful for monitoring user activity and managing user-related issues.

select
id,
user_name,
display_name,
active,
account_id
from
databricks_iam_current_user;
select
id,
user_name,
display_name,
active,
account_id
from
databricks_iam_current_user;

List assigned roles for the user

Explore which roles are currently assigned to a user on Databricks. This is useful for auditing user permissions and ensuring appropriate access levels are maintained.

select
u.id,
u.user_name,
u.display_name,
r ->> 'value' as role,
r ->> 'type' as type,
u.account_id
from
databricks_iam_current_user u,
jsonb_array_elements(roles) as r;
select
u.id,
u.user_name,
u.display_name,
json_extract(r.value, '$.value') as role,
json_extract(r.value, '$.type') as type,
u.account_id
from
databricks_iam_current_user u,
json_each(roles) as r;

List groups the user belongs to

Explore which groups a particular user is associated with, to understand their permissions and roles within an organization. This is useful for auditing user access and ensuring appropriate security measures are in place.

select
u.id,
u.user_name,
u.display_name,
g.id as group_id,
g.display_name as group_name,
u.account_id
from
databricks_iam_current_user u,
databricks_iam_account_group g,
jsonb_array_elements(g.members) m
where
m ->> 'value' = u.id
and g.account_id = u.account_id;
select
u.id,
u.user_name,
u.display_name,
g.id as group_id,
g.display_name as group_name,
u.account_id
from
databricks_iam_current_user u,
databricks_iam_account_group g,
json_each(g.members) as m
where
json_extract(m.value, '$.value') = u.id
and g.account_id = u.account_id;

List user's entitlements

Explore which entitlements are associated with each user in your Databricks environment. This can be beneficial to understand user permissions and roles for better access management.

select
u.id,
u.user_name,
u.display_name,
r ->> 'value' as entitlement,
u.account_id
from
databricks_iam_current_user u,
jsonb_array_elements(entitlements) as r;
select
u.id,
u.user_name,
u.display_name,
json_extract(r.value, '$.value') as entitlement,
u.account_id
from
databricks_iam_current_user u,
json_each(u.entitlements) as r;

Find the account with the most users

Pinpoint the specific account that has the highest number of users. This can be useful in identifying the most active account and understanding user distribution across accounts.

select
account_id,
count(*) as user_count
from
databricks_iam_current_user
group by
account_id
order by
user_count desc
limit
1;
select
account_id,
count(*) as user_count
from
databricks_iam_current_user
group by
account_id
order by
user_count desc
limit
1;

List users with multiple email IDs

Explore which users have registered multiple email IDs to their accounts. This can help in identifying instances where a single user might be using multiple accounts, which could be a sign of potential misuse or a security concern.

select
id,
user_name,
display_name,
active,
account_id,
jsonb_pretty(emails) as email_ids
from
databricks_iam_current_user
where
jsonb_array_length(emails) > 1;
select
id,
user_name,
display_name,
active,
account_id,
emails as email_ids
from
databricks_iam_current_user
where
json_array_length(emails) > 1;

Schema for databricks_iam_current_user

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Databricks Account ID in which the resource is located.
activebooleanWhether the user is active.
display_nametextString that represents a concatenation of given and family names.
emailsjsonbAll the emails associated with the Databricks user.
entitlementsjsonbAll the entitlements associated with the Databricks user.
external_idtextExternal ID of the user.
groupsjsonbAll the groups the user belongs to.
idtextDatabricks user ID.
namejsonbName of the user.
rolesjsonbAll the roles associated with the Databricks user.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextThe title of the resource.
user_nametextEmail address of the Databricks user.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- databricks

You can pass the configuration to the command with the --config argument:

steampipe_export_databricks --config '<your_config>' databricks_iam_current_user