SCIM API (Groups)

Important

This feature is in Public Preview.

Note

  • An Azure Databricks administrator can invoke all SCIM API endpoints.
  • Non-admin users can invoke the Groups Get endpoint to read group display names and IDs.

SCIM (Groups) lets you create users and groups in Azure Databricks and give them the proper level of access, and remove access for users (deprovision them) when they leave your organization or no longer need access to Azure Databricks.

Get groups

Endpoint | HTTP Method
2.0/preview/scim/v2/Groups | GET

Admin users: Retrieve a list of all groups in the Azure Databricks workspace. Non-admin users: Retrieve a list of all groups in the Azure Databricks workspace, returning group display name and object ID only.

Example request

GET /api/2.0/preview/scim/v2/Groups HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b

You can use filters to specify subsets of groups. For example, you can apply the sw (starts with) filter parameter to displayName to retrieve a specific group or set of groups:

GET /api/2.0/preview/scim/v2/Groups?filter=displayName+sw+eng HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b

Get group by ID

Endpoint | HTTP Method
2.0/preview/scim/v2/Groups/{id} | GET

Admin users: Retrieve a single group resource.

Example request

GET /api/2.0/preview/scim/v2/Groups/123456 HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b

Create group

Endpoint | HTTP Method
2.0/preview/scim/v2/Groups | POST

Admin users: Create a group in Azure Databricks.

Request parameters follow the standard SCIM 2.0 protocol.

Requests must include the following attributes:

  • schemas set to urn:ietf:params:scim:schemas:core:2.0:Group
  • displayName

The members list is optional and can include users and other groups. You can also add members to a group using PATCH.

Example request

POST /api/2.0/preview/scim/v2/Groups HTTP/1.1
Host: <databricks-instance>
Authorization: Bearer dapi48…a6138b
Content-Type: application/scim+json

{
  "schemas":[
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName":"newgroup",
  "members":[
    {
       "value":"100000"
    },
    {
       "value":"100001"
    }
  ]
}

Update group

Endpoint | HTTP Method
2.0/preview/scim/v2/Groups/{id} | PATCH

Admin users: Update a group in Azure Databricks by adding or removing members. You can add and remove individual members or groups within the group.

Request parameters follow the standard SCIM 2.0 protocol and depend on the value of the schemas attribute.

Note

Azure Databricks does not support updating group names.

Example requests

PATCH /api/2.0/preview/scim/v2/Groups/123456 HTTP/1.1
Host: <databricks-instance>
Authorization: Bearer dapi48…a6138b
Content-Type: application/scim+json

Add to group

{
  "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
    {
      "op":"add",
      "value":{
        "members":[
          {
            "value":"<user-id>"
          }
        ]
      }
    }
  ]
}

Remove from group

{
  "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
    {
      "op":"remove",
      "path":"members[value eq \"<user-id>\"]"
    }
  ]
}
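
The following added example (not part of the original documentation) builds the PATCH bodies shown above to reconcile a group's membership with a desired list, for instance when deprovisioning a user. The function names and the numeric-ID check are assumptions of this example; IDs are validated before they are placed in the remove path so that a malformed value cannot change the filter expression.

```python
import json
import re

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Assumption: member IDs are decimal strings, like 100000 and 123456 on this page.
ID_RE = re.compile(r"[0-9]+")


def check_id(member_id):
    """Reject anything that could alter the filter in a remove path."""
    text = str(member_id)
    if not ID_RE.fullmatch(text):
        raise ValueError(f"unexpected member id: {text!r}")
    return text


def patch_body(operation):
    """Wrap one operation in the PatchOp envelope used by the requests above."""
    return {"schemas": [PATCH_SCHEMA], "Operations": [operation]}


def membership_patches(current_ids, desired_ids):
    """PATCH bodies that move a group from current_ids to desired_ids."""
    current = {check_id(i) for i in current_ids}
    desired = {check_id(i) for i in desired_ids}
    bodies = []
    to_add = sorted(desired - current, key=int)
    if to_add:
        members = [{"value": i} for i in to_add]
        bodies.append(patch_body({"op": "add", "value": {"members": members}}))
    # One remove operation per member, matching the request shape shown above.
    for i in sorted(current - desired, key=int):
        path = f'members[value eq "{i}"]'
        bodies.append(patch_body({"op": "remove", "path": path}))
    return bodies


if __name__ == "__main__":
    # Constructed sample: 100000 has left the organization, 100002 has joined.
    for body in membership_patches(["100000", "100001"], ["100001", "100002"]):
        print(json.dumps(body, indent=2))
```

Each returned body is sent with PATCH to 2.0/preview/scim/v2/Groups/{id} using the headers from the example request.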

Delete group

Endpoint | HTTP Method
2.0/preview/scim/v2/Groups/{id} | DELETE

Admin users: Remove a group from Azure Databricks. Users in the group are not removed.

Example request

DELETE /api/2.0/preview/scim/v2/Groups/123456 HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b