Cross-workspace access visibility for Databricks — audit who can reach what across every workspace in your account.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for lukaszmaron from gravatar.com lukaszmaron

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Lukasz Maron
  • Tags databricks , unity-catalog , scim , audit , permissions , security , principal , compliance , soc2 , escalation , identity , snapshot , diff , access-review , offboarding , governance , workspace
  • Requires: Python >=3.9
  • Provides-Extra: sdk , dev , notebook , docs , all
Classifiers
Report project as malware

Project description

databricks-access-audit

Databricks gives you no native way to answer "what can this identity access across all my workspaces?" — this tool does.

CI PyPI Python 3.9+ License: Apache 2.0

The Account Console shows you one workspace at a time. INFORMATION_SCHEMA shows you one metastore at a time. Neither resolves nested group memberships. Neither tells you whether a personal grant duplicates what the group already provides.

databricks-access-audit answers cross-workspace access questions in one command, across every workspace in your account at once.

Five modes

Mode Command Question it answers
Principal audit --principal "alice@company.com" What can this user / SP / group access across every workspace?
Group audit --group "data-engineers" What does this group access? Who has redundant personal grants?
Resource audit --resource "main" Who has access to this catalog / schema / table / workspace?
Compare --compare "alice@company.com" "bob@company.com" Which groups does Alice have that Bob doesn't?
Access provisioning --clone-from "alice@company.com" --to "bob@company.com" How do I give Bob the same access as Alice?

Install

pip install "databricks-access-audit[sdk]"

Add credentials to ~/.databrickscfg and run:

databricks-access-audit --principal "alice@company.com"
databricks-access-audit --group "data-engineers" --revoke-script
databricks-access-audit --resource "main" --output html > main_access.html

Documentation

https://lukaleet.github.io/databricks-access-audit

Tested environments

Developed and live-tested against Azure Databricks with Unity Catalog. AWS and GCP code paths exist but haven't been confirmed against real accounts yet.

If you run this on AWS, GCP, a large multi-workspace account, or with Okta/AWS SSO as your IdP — open an issue and let us know what works and what doesn't. Every environment report improves the tool.

Development

pip install -e ".[sdk,dev]"
pytest          # 570 tests, no real Databricks connection required
ruff check .

License

Apache 2.0 — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for lukaszmaron from gravatar.com lukaszmaron

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Lukasz Maron
  • Tags databricks , unity-catalog , scim , audit , permissions , security , principal , compliance , soc2 , escalation , identity , snapshot , diff , access-review , offboarding , governance , workspace
  • Requires: Python >=3.9
  • Provides-Extra: sdk , dev , notebook , docs , all
Classifiers

Release history Release notifications | RSS feed

0.25.0

0.24.0

0.23.0

0.22.1

0.22.0

0.21.0

This version

0.20.0

0.19.0

0.18.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

databricks_access_audit-0.20.0.tar.gz (146.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

databricks_access_audit-0.20.0-py3-none-any.whl (111.6 kB view details)

Uploaded Python 3

File details

Details for the file databricks_access_audit-0.20.0.tar.gz.

File metadata

  • Download URL: databricks_access_audit-0.20.0.tar.gz
  • Upload date:
  • Size: 146.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for databricks_access_audit-0.20.0.tar.gz
Algorithm Hash digest
SHA256 d7faeaddbb24f13530d6c76e9245d823a168ebfbfec2363b2c00afc4542e7bad
MD5 02537de83707c40e3f860e5740089623
BLAKE2b-256 09826c621ac2c410185c5ea26502cc91d3838e0ecc76c2ed47fa6108876c7cc2

See more details on using hashes here.

Provenance

The following attestation bundles were made for databricks_access_audit-0.20.0.tar.gz:

Publisher: publish.yml on lukaleet/databricks-access-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file databricks_access_audit-0.20.0-py3-none-any.whl.

File metadata

File hashes

Hashes for databricks_access_audit-0.20.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6d2d701d2e995540ddca892479f3bf23322068609ad56308864cf6ba9eec7ce8
MD5 c5e39aa3a5801bb56115606433ecd43c
BLAKE2b-256 59ce6ee48e4eebac959ae35d3aefde5f92b06c8a4c4b8f5e6a383fca1576ea68

See more details on using hashes here.

Provenance

The following attestation bundles were made for databricks_access_audit-0.20.0-py3-none-any.whl:

Publisher: publish.yml on lukaleet/databricks-access-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page