Cross-workspace access visibility for Databricks — audit who can reach what across every workspace in your account.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for lukaszmaron from gravatar.com lukaszmaron

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Lukasz Maron
  • Tags databricks , unity-catalog , scim , audit , permissions , security , principal , compliance , soc2 , escalation , identity , snapshot , diff , access-review , offboarding , governance , workspace
  • Requires: Python >=3.9
  • Provides-Extra: sdk , dev , notebook , docs , all
Classifiers
Report project as malware

Project description

databricks-access-audit

Databricks gives you no native way to answer "what can this identity access across all my workspaces?" — this tool does.

CI PyPI Python 3.9+ License: Apache 2.0

The Account Console shows you one workspace at a time. INFORMATION_SCHEMA shows you one metastore at a time. Neither resolves nested group memberships. Neither tells you whether a personal grant duplicates what the group already provides.

databricks-access-audit answers cross-workspace access questions in one command, across every workspace in your account at once.

Five modes

Mode Command Question it answers
Principal audit --principal "alice@company.com" What can this user / SP / group access across every workspace?
Group audit --group "data-engineers" What does this group access? Who has redundant personal grants?
Resource audit --resource "main" Who has access to this catalog / schema / table / workspace?
Compare --compare "alice@company.com" "bob@company.com" Which groups does Alice have that Bob doesn't?
Access provisioning --clone-from "alice@company.com" --to "bob@company.com" How do I give Bob the same access as Alice?

Install

pip install "databricks-access-audit[sdk]"

Add credentials to ~/.databrickscfg and run:

databricks-access-audit --principal "alice@company.com"
databricks-access-audit --group "data-engineers" --revoke-script
databricks-access-audit --resource "main" --output html > main_access.html

Documentation

https://lukaleet.github.io/databricks-access-audit

Tested environments

Developed and live-tested against Azure Databricks with Unity Catalog. AWS and GCP code paths exist but haven't been confirmed against real accounts yet.

If you run this on AWS, GCP, a large multi-workspace account, or with Okta/AWS SSO as your IdP — open an issue and let us know what works and what doesn't. Every environment report improves the tool.

Development

pip install -e ".[sdk,dev]"
pytest          # 570 tests, no real Databricks connection required
ruff check .

License

Apache 2.0 — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for lukaszmaron from gravatar.com lukaszmaron

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Lukasz Maron
  • Tags databricks , unity-catalog , scim , audit , permissions , security , principal , compliance , soc2 , escalation , identity , snapshot , diff , access-review , offboarding , governance , workspace
  • Requires: Python >=3.9
  • Provides-Extra: sdk , dev , notebook , docs , all
Classifiers

Release history Release notifications | RSS feed

0.25.0

0.24.0

0.23.0

0.22.1

This version

0.22.0

0.21.0

0.20.0

0.19.0

0.18.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

databricks_access_audit-0.22.0.tar.gz (153.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

databricks_access_audit-0.22.0-py3-none-any.whl (115.8 kB view details)

Uploaded Python 3

File details

Details for the file databricks_access_audit-0.22.0.tar.gz.

File metadata

  • Download URL: databricks_access_audit-0.22.0.tar.gz
  • Upload date:
  • Size: 153.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for databricks_access_audit-0.22.0.tar.gz
Algorithm Hash digest
SHA256 ec8c363ff59c1a55655d644dfa0a7ba8ef717b005c2b6f137f0fdb860118eb38
MD5 196d23dfca519eef0a84fd86f0621bc6
BLAKE2b-256 a1bfbfa5ac2a8e1ca736abf3faa9d0c5cd6c97ca1c08f1e5a5827e7353aa56dd

See more details on using hashes here.

Provenance

The following attestation bundles were made for databricks_access_audit-0.22.0.tar.gz:

Publisher: publish.yml on lukaleet/databricks-access-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file databricks_access_audit-0.22.0-py3-none-any.whl.

File metadata

File hashes

Hashes for databricks_access_audit-0.22.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3aaf341b6340aa5ed229b6dbaf66aadc85e080e64ce7e12578ef6676b80c2c3a
MD5 51a82b69d124fa725fabebd5daf0bbd3
BLAKE2b-256 5c69cb9a1b173e181b4c719577af8f66f0cf890c7d45772dcb8f6b10739e2283

See more details on using hashes here.

Provenance

The following attestation bundles were made for databricks_access_audit-0.22.0-py3-none-any.whl:

Publisher: publish.yml on lukaleet/databricks-access-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page