Note
This information applies to Databricks CLI versions 0.205 and above. The Databricks CLI is in Public Preview.
Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.
The users command group within the Databricks CLI allows you to manage user identities in your Databricks workspace. User identities recognized by Databricks are represented by email addresses. See Manage users.
Databricks recommends using SCIM provisioning to sync users and groups automatically from your identity provider to your Databricks workspace. SCIM streamlines onboarding a new employee or team by using your identity provider to create users and groups in Databricks workspace and give them the proper level of access. When a user leaves your organization or no longer needs access to Databricks workspace, admins can terminate the user in your identity provider and that user's account will also be removed from Databricks workspace. This ensures a consistent offboarding process and prevents unauthorized users from accessing sensitive data. See Sync users and groups from Microsoft Entra ID using SCIM.
databricks users create
Create a new user in the Databricks workspace. This new user will also be added to the Databricks account.
databricks users create [flags]
Options
--active
If this user is active.
--display-name string
String that represents a concatenation of given and family names.
--external-id string
External ID is not currently supported.
--id string
Databricks user ID.
--json JSON
The inline JSON string or the @path to the JSON file with the request body.
--user-name string
Email address of the Databricks user.
Examples
The following example creates a user with a display name and email:
databricks users create --display-name "John Doe" --user-name "someone@example.com"
The following example creates a user using JSON:
databricks users create --json '{"display_name": "John Doe", "user_name": "someone@example.com", "active": true}'
databricks users delete
Delete a user. Deleting a user from a Databricks workspace also removes objects associated with the user.
databricks users delete ID [flags]
Arguments
ID
Unique ID for a user in the Databricks workspace.
Options
Examples
The following example deletes a user by ID:
databricks users delete 12345
databricks users get
Get information for a specific user in the Databricks workspace.
databricks users get ID [flags]
Arguments
ID
Unique ID for a user in the Databricks workspace.
Options
--attributes string
Comma-separated list of attributes to return in response.
--count int
Desired number of results per page.
--excluded-attributes string
Comma-separated list of attributes to exclude in response.
--filter string
Query by which the results have to be filtered.
--sort-by string
Attribute to sort the results.
--sort-order GetSortOrder
    The order to sort the results. Supported values: ascending, descending
--start-index int
Specifies the index of the first result.
Examples
The following example gets details for a user:
databricks users get 12345
The following example gets user details in JSON format:
databricks users get 12345 --output json
databricks users list
List details for all of the users associated with a Databricks workspace.
databricks users list [flags]
Options
--attributes string
Comma-separated list of attributes to return in response.
--count int
Desired number of results per page.
--excluded-attributes string
Comma-separated list of attributes to exclude in response.
--filter string
Query by which the results have to be filtered.
--sort-by string
Attribute to sort the results.
--sort-order ListSortOrder
    The order to sort the results. Supported values: ascending, descending
--start-index int
Specifies the index of the first result.
Examples
The following example lists all users:
databricks users list
The following example lists users with filtering:
databricks users list --filter "userName eq 'someone@example.com'"
The following example lists users with pagination:
databricks users list --count 10 --start-index 0
databricks users patch
Partially update a user resource by applying the supplied operations on specific user attributes.
databricks users patch ID [flags]
Arguments
ID
Unique ID in the Databricks workspace.
Options
--json JSON
The inline JSON string or the @path to the JSON file with the request body.
Examples
The following example patches a user:
databricks users patch 12345 --json '{"display_name": "Jane Doe"}'
The following example patches a user using a JSON file:
databricks users patch 12345 --json @update.json
databricks users update
Replace a user's information with the data supplied in request.
databricks users update ID [flags]
Arguments
ID
Databricks user ID.
Options
--active
If this user is active.
--display-name string
String that represents a concatenation of given and family names.
--external-id string
External ID is not currently supported.
--id string
Databricks user ID.
--json JSON
The inline JSON string or the @path to the JSON file with the request body.
--user-name string
Email address of the Databricks user.
Examples
The following example updates a user:
databricks users update 12345 --display-name "Jane Doe" --user-name "new-someone@example.com" --active
The following example updates a user using JSON:
databricks users update 12345 --json '{"display_name": "Jane Doe", "user_name": "new-someone@example.com", "active": true}'
databricks users get-permission-levels
Get the permission levels that a user can have on an object.
databricks users get-permission-levels [flags]
Options
Examples
The following example gets permission levels for users:
databricks users get-permission-levels
The following example gets permission levels in JSON format:
databricks users get-permission-levels --output json
databricks users get-permissions
Get the permissions of all passwords. Passwords can inherit permissions from their root object.
databricks users get-permissions [flags]
Options
Examples
The following example gets permissions for users:
databricks users get-permissions
The following example gets permissions in JSON format:
databricks users get-permissions --output json
databricks users set-permissions
Set password permissions.
Sets permissions on an object, replacing existing permissions if they exist. Deletes all direct permissions if none are specified. Objects can inherit permissions from their root object.
databricks users set-permissions [flags]
Options
--json JSON
The inline JSON string or the @path to the JSON file with the request body.
Examples
The following example sets permissions using JSON:
databricks users set-permissions --json '{"access_control_list": [{"user_name": "someone@example.com", "permission_level": "CAN_MANAGE"}]}'
The following example sets permissions using a JSON file:
databricks users set-permissions --json @permissions.json
databricks users update-permissions
Update the permissions on all passwords. Passwords can inherit permissions from their root object.
databricks users update-permissions [flags]
Options
--json JSON
The inline JSON string or the @path to the JSON file with the request body.
Examples
The following example updates permissions using JSON:
databricks users update-permissions --json '{"access_control_list": [{"user_name": "someone@example.com", "permission_level": "CAN_USE"}]}'
The following example updates permissions using a JSON file:
databricks users update-permissions --json @permissions.json
Global flags
--debug
Whether to enable debug logging.
-h or --help
Display help for the Databricks CLI or the related command group or the related command.
--log-file string
A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.
--log-format format
    The log format type, text or json. The default value is text.
--log-level string
A string representing the log format level. If not specified then the log format level is disabled.
-o, --output type
    The command output type, text or json. The default value is text.
-p, --profile string
    The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.
--progress-format format
    The format to display progress logs: default, append, inplace, or json
-t, --target string
If applicable, the bundle target to use