| Interface | Description |
|---|---|
| AccessControlService |
Rule based Access Control for Databricks Resources.
|
| AccountAccessControlProxyService |
These APIs manage access rules on resources in an account.
|
| AccountAccessControlService |
These APIs manage access rules on resources in an account.
|
| AccountGroupsService |
Groups simplify identity management, making it easier to assign access to Databricks account,
data, and other securable objects.
|
| AccountGroupsV2Service |
Groups simplify identity management, making it easier to assign access to Databricks account,
data, and other securable objects.
|
| AccountServicePrincipalsService |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| AccountServicePrincipalsV2Service |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| AccountUsersService |
User identities recognized by Databricks and represented by email addresses.
|
| AccountUsersV2Service |
User identities recognized by Databricks and represented by email addresses.
|
| CurrentUserService |
This API allows retrieving information about currently authenticated user or service principal.
|
| GroupsService |
Groups simplify identity management, making it easier to assign access to Databricks workspace,
data, and other securable objects.
|
| GroupsV2Service |
Groups simplify identity management, making it easier to assign access to Databricks workspace,
data, and other securable objects.
|
| PermissionMigrationService |
APIs for migrating acl permissions, used only by the ucx tool:
https://github.com/databrickslabs/ucx
This is the high-level interface, that contains generated methods.
|
| PermissionsService |
Permissions API are used to create read, write, edit, update and manage access for various users
on different objects and endpoints. * **[Apps permissions](:service:apps)** — Manage which users
can manage or use apps. * **[Cluster permissions](:service:clusters)** — Manage which users can
manage, restart, or attach to clusters. * **[Cluster policy
permissions](:service:clusterpolicies)** — Manage which users can use cluster policies. *
**[Spark Declarative Pipelines permissions](:service:pipelines)** — Manage which users can view,
manage, run, cancel, or own a Spark Declarative Pipeline. * **[Job permissions](:service:jobs)**
— Manage which users can view, manage, trigger, cancel, or own a job. * **[MLflow experiment
permissions](:service:experiments)** — Manage which users can read, edit, or manage MLflow
experiments. * **[MLflow registered model permissions](:service:modelregistry)** — Manage which
users can read, edit, or manage MLflow registered models. * **[Instance Pool
permissions](:service:instancepools)** — Manage which users can manage or attach to pools. *
**[Repo permissions](repos)** — Manage which users can read, run, edit, or manage a repo. *
**[Serving endpoint permissions](:service:servingendpoints)** — Manage which users can view,
query, or manage a serving endpoint. * **[SQL warehouse permissions](:service:warehouses)** —
Manage which users can use or manage SQL warehouses. * **[Token
permissions](:service:tokenmanagement)** — Manage which users can create or use tokens. *
**[Workspace object permissions](:service:workspace)** — Manage which users can read, run, edit,
or manage alerts, dbsql-dashboards, directories, files, notebooks and queries.
|
| ServicePrincipalsService |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| ServicePrincipalsV2Service |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| UsersService |
User identities recognized by Databricks and represented by email addresses.
|
| UsersV2Service |
User identities recognized by Databricks and represented by email addresses.
|
| WorkspaceAssignmentService |
The Workspace Permission Assignment API allows you to manage workspace permissions for principals
in your account.
|
| Class | Description |
|---|---|
| AccessControlAPI |
Rule based Access Control for Databricks Resources.
|
| AccessControlRequest | |
| AccessControlResponse | |
| AccountAccessControlAPI |
These APIs manage access rules on resources in an account.
|
| AccountAccessControlProxyAPI |
These APIs manage access rules on resources in an account.
|
| AccountGroup | |
| AccountGroupsAPI |
Groups simplify identity management, making it easier to assign access to Databricks account,
data, and other securable objects.
|
| AccountGroupsV2API |
Groups simplify identity management, making it easier to assign access to Databricks account,
data, and other securable objects.
|
| AccountServicePrincipal | |
| AccountServicePrincipalsAPI |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| AccountServicePrincipalsV2API |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| AccountUser | |
| AccountUsersAPI |
User identities recognized by Databricks and represented by email addresses.
|
| AccountUsersV2API |
User identities recognized by Databricks and represented by email addresses.
|
| Actor |
represents an identity trying to access a resource - user or a service principal group can be a
principal of a permission set assignment but an actor is always a user or a service principal
|
| CheckPolicyRequest | |
| CheckPolicyResponse | |
| ComplexValue | |
| ConsistencyToken | |
| CreateAccountGroupRequest | |
| CreateAccountServicePrincipalRequest | |
| CreateAccountUserRequest | |
| CreateGroupRequest | |
| CreateServicePrincipalRequest | |
| CreateUserRequest | |
| CurrentUserAPI |
This API allows retrieving information about currently authenticated user or service principal.
|
| DeleteAccountGroupRequest | |
| DeleteAccountServicePrincipalRequest | |
| DeleteAccountUserRequest | |
| DeleteGroupRequest | |
| DeleteServicePrincipalRequest | |
| DeleteUserRequest | |
| DeleteWorkspaceAssignmentRequest | |
| GetAccountGroupRequest | |
| GetAccountServicePrincipalRequest | |
| GetAccountUserRequest | |
| GetAssignableRolesForResourceRequest | |
| GetAssignableRolesForResourceResponse | |
| GetGroupRequest | |
| GetPasswordPermissionLevelsRequest | |
| GetPasswordPermissionLevelsResponse | |
| GetPasswordPermissionsRequest | |
| GetPermissionLevelsRequest | |
| GetPermissionLevelsResponse | |
| GetPermissionRequest | |
| GetRuleSetRequest | |
| GetServicePrincipalRequest | |
| GetUserRequest | |
| GetWorkspaceAssignmentRequest | |
| GrantRule | |
| Group | |
| GroupsAPI |
Groups simplify identity management, making it easier to assign access to Databricks workspace,
data, and other securable objects.
|
| GroupsV2API |
Groups simplify identity management, making it easier to assign access to Databricks workspace,
data, and other securable objects.
|
| ListAccountGroupsRequest | |
| ListAccountGroupsResponse | |
| ListAccountServicePrincipalsRequest | |
| ListAccountServicePrincipalsResponse | |
| ListAccountUsersRequest | |
| ListAccountUsersResponse | |
| ListGroupsRequest | |
| ListGroupsResponse | |
| ListServicePrincipalResponse | |
| ListServicePrincipalsRequest | |
| ListUsersRequest | |
| ListUsersResponse | |
| ListWorkspaceAssignmentRequest | |
| MeRequest | |
| MigratePermissionsRequest | |
| MigratePermissionsResponse | |
| Name | |
| ObjectPermissions | |
| PartialUpdate | |
| PasswordAccessControlRequest | |
| PasswordAccessControlResponse | |
| PasswordPermission | |
| PasswordPermissions | |
| PasswordPermissionsDescription | |
| PasswordPermissionsRequest | |
| Patch | |
| PatchAccountGroupRequest | |
| PatchAccountServicePrincipalRequest | |
| PatchAccountUserRequest | |
| PatchGroupRequest | |
| PatchServicePrincipalRequest | |
| PatchUserRequest | |
| Permission | |
| PermissionAssignment |
The output format for existing workspace PermissionAssignment records, which contains some info
for user consumption.
|
| PermissionAssignments | |
| PermissionMigrationAPI |
APIs for migrating acl permissions, used only by the ucx tool:
https://github.com/databrickslabs/ucx
|
| PermissionOutput | |
| PermissionsAPI |
Permissions API are used to create read, write, edit, update and manage access for various users
on different objects and endpoints. * **[Apps permissions](:service:apps)** — Manage which users
can manage or use apps. * **[Cluster permissions](:service:clusters)** — Manage which users can
manage, restart, or attach to clusters. * **[Cluster policy
permissions](:service:clusterpolicies)** — Manage which users can use cluster policies. *
**[Spark Declarative Pipelines permissions](:service:pipelines)** — Manage which users can view,
manage, run, cancel, or own a Spark Declarative Pipeline. * **[Job permissions](:service:jobs)**
— Manage which users can view, manage, trigger, cancel, or own a job. * **[MLflow experiment
permissions](:service:experiments)** — Manage which users can read, edit, or manage MLflow
experiments. * **[MLflow registered model permissions](:service:modelregistry)** — Manage which
users can read, edit, or manage MLflow registered models. * **[Instance Pool
permissions](:service:instancepools)** — Manage which users can manage or attach to pools. *
**[Repo permissions](repos)** — Manage which users can read, run, edit, or manage a repo. *
**[Serving endpoint permissions](:service:servingendpoints)** — Manage which users can view,
query, or manage a serving endpoint. * **[SQL warehouse permissions](:service:warehouses)** —
Manage which users can use or manage SQL warehouses. * **[Token
permissions](:service:tokenmanagement)** — Manage which users can create or use tokens. *
**[Workspace object permissions](:service:workspace)** — Manage which users can read, run, edit,
or manage alerts, dbsql-dashboards, directories, files, notebooks and queries.
|
| PermissionsDescription | |
| PrincipalOutput |
Information about the principal assigned to the workspace.
|
| ResourceInfo | |
| ResourceMeta | |
| Role | |
| RuleSetResponse | |
| RuleSetUpdateRequest | |
| ServicePrincipal | |
| ServicePrincipalsAPI |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| ServicePrincipalsV2API |
Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD
platforms.
|
| SetObjectPermissions | |
| UpdateAccountGroupRequest | |
| UpdateAccountServicePrincipalRequest | |
| UpdateAccountUserRequest | |
| UpdateGroupRequest | |
| UpdateObjectPermissions | |
| UpdateRuleSetRequest | |
| UpdateServicePrincipalRequest | |
| UpdateUserRequest | |
| UpdateWorkspaceAssignments | |
| User | |
| UsersAPI |
User identities recognized by Databricks and represented by email addresses.
|
| UsersV2API |
User identities recognized by Databricks and represented by email addresses.
|
| WorkspaceAssignmentAPI |
The Workspace Permission Assignment API allows you to manage workspace permissions for principals
in your account.
|
| WorkspacePermissions |
| Enum | Description |
|---|---|
| GetSortOrder | |
| GroupSchema | |
| ListResponseSchema | |
| ListSortOrder | |
| PasswordPermissionLevel |
Permission level
|
| PatchOp |
Type of patch operation.
|
| PatchSchema | |
| PermissionLevel |
Permission level
|
| RequestAuthzIdentity |
Defines the identity to be used for authZ of the request on the server side.
|
| ServicePrincipalSchema | |
| UserSchema | |
| WorkspacePermission |
Copyright © 2026. All rights reserved.