Table: databricks_sharing_recipient - Query Databricks Sharing Recipients using SQL
Databricks Sharing Recipients is a feature within Databricks that provides information about the sharing status of Databricks notebooks. It allows users to monitor and manage the sharing of notebooks across different users and groups within the organization. This feature is crucial for maintaining proper access control and collaborative workflows in Databricks.
Table Usage Guide
The databricks_sharing_recipient table provides insights into the sharing status of Databricks notebooks. As a data engineer or data scientist, explore notebook-specific details through this table, including recipient type, recipient ID, and the notebook path. Utilize it to uncover information about sharing activities, such as who has access to which notebooks, and the types of access they have.
Examples
Basic info
Explore which Databricks sharing recipients have been created and by whom. This can be useful to understand who has access to your shared Databricks resources and when they were given access, providing insights into your data security and management.
select name, comment, data_recipient_global_metastore_id, metastore_id, activation_url, created_at, created_by, account_idfrom databricks_sharing_recipient;select name, comment, data_recipient_global_metastore_id, metastore_id, activation_url, created_at, created_by, account_idfrom databricks_sharing_recipient;List all inactive recipients
Explore which data recipients are inactive on your Databricks account. This can help in identifying unused resources, and potentially optimizing resource allocation.
select name, comment, data_recipient_global_metastore_id, metastore_id, activation_url, created_at, created_by, account_idfrom databricks_sharing_recipientwhere not activated;select name, comment, data_recipient_global_metastore_id, metastore_id, activation_url, created_at, created_by, account_idfrom databricks_sharing_recipientwhere activated is not 1;List allowed ip addresses for each recipient
Explore which recipient names and comments are associated with specific IP addresses. This is useful for understanding and managing access permissions in your Databricks sharing environment.
select name, comment, ip_addressfrom databricks_sharing_recipient, jsonb_array_elements_text(ip_access_list -> 'allowed_ip_addresses') as ip_address;select name, comment, ip_address.value as ip_addressfrom databricks_sharing_recipient, json_each( databricks_sharing_recipient.ip_access_list, '$.allowed_ip_addresses' ) as ip_address;List sharing reciepients that have databricks accounts
Explore which sharing recipients have Databricks accounts to manage and control access to shared data effectively. This is useful for maintaining security standards and ensuring appropriate data access.
select name, comment, data_recipient_global_metastore_id, metastore_id, activation_url, cloud, region, sharing_code, account_idfrom databricks_sharing_recipientwhere not authentication_type = 'DATABRICKS';select name, comment, data_recipient_global_metastore_id, metastore_id, activation_url, cloud, region, sharing_code, account_idfrom databricks_sharing_recipientwhere not authentication_type = 'DATABRICKS';Get permissions for each share
Explore the permissions assigned to each shared resource within your Databricks environment. This can help in identifying any potential security risks, such as overly permissive access rights.
select name, p ->> 'share_name' as share_name, pa ->> 'principal' as principal_name, pa ->> 'privileges' as privilegesfrom databricks_sharing_recipient, jsonb_array_elements(permissions) p, jsonb_array_elements(p -> 'privilege_assignments') as pa;select name, json_extract(p.value, '$.share_name') as share_name, json_extract(pa.value, '$.principal') as principal_name, json_extract(pa.value, '$.privileges') as privilegesfrom databricks_sharing_recipient, json_each(permissions) as p, json_each(json_extract(p.value, '$.privilege_assignments')) as pa;Get external recipients token details
Explore which external recipients have token details in the Databricks sharing recipient list. This can help identify and manage token-based access to Databricks resources, including understanding who created the tokens and when they expire.
select name, comment, t ->> 'id' as token_id, t ->> 'activation_url' as token_activation_url, t ->> 'created_at' as token_created_at, t ->> 'created_by' as token_created_by, t ->> 'expiration_time' as token_expiration_time, account_idfrom databricks_sharing_recipient, jsonb_array_elements(tokens) as twhere not authentication_type = 'TOKEN';select name, comment, json_extract(t.value, '$.id') as token_id, json_extract(t.value, '$.activation_url') as token_activation_url, json_extract(t.value, '$.created_at') as token_created_at, json_extract(t.value, '$.created_by') as token_created_by, json_extract(t.value, '$.expiration_time') as token_expiration_time, account_idfrom databricks_sharing_recipient, json_each(tokens) as twhere not authentication_type = 'TOKEN';Schema for databricks_sharing_recipient
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| account_id | text | The Databricks Account ID in which the resource is located. | |
| activated | boolean | A boolean status field showing whether the Recipient's activation URL has been exercised or not. | |
| activation_url | text | Full activation url to retrieve the access token. | |
| authentication_type | text | The delta sharing authentication type. | |
| cloud | text | Cloud vendor of the recipient's Unity Catalog metastore. | |
| comment | text | Description about the recipient. | |
| created_at | timestamp with time zone | Timestamp when the recipient was created. | |
| created_by | text | User who created the recipient. | |
| data_recipient_global_metastore_id | text | = | The global Unity Catalog metastore id of the data recipient. |
| ip_access_list | jsonb | IP Access list | |
| metastore_id | text | UUID of the recipient's Unity Catalog metastore. | |
| name | text | = | Name of the recipient. |
| owner | text | Username of the recipient owner. | |
| permissions | jsonb | An array of recipient's shares. | |
| properties_kvpairs | jsonb | Recipient properties as map of string key-value pairs. | |
| recipient_profile_str | text | The recipient profile as a string. | |
| region | text | Cloud region of the recipient's Unity Catalog metastore. | |
| sharing_code | text | The one-time sharing code provided by the data recipient. | |
| title | text | The title of the resource. | |
| tokens | jsonb | This field is only present when the __authentication_type__ is **TOKEN**. | |
| updated_at | timestamp with time zone | Timestamp when the recipient was last updated. | |
| updated_by | text | User who last modified the recipient. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- databricksYou can pass the configuration to the command with the --config argument:
steampipe_export_databricks --config '<your_config>' databricks_sharing_recipient