仪表板访问控制Dashboard access control

重要

此功能目前以公共预览版提供。This feature is in Public Preview. 请联系 Azure Databricks 代表,以申请访问权限。Contact your Azure Databricks representative to request access.

在使用仪表板访问控制的情况下,用户的操作能力取决于单个权限。With dashboard access control, individual permissions determine a user’s abilities. 本文介绍各个权限以及配置仪表板访问控制的方式。This article describes the individual permissions and how to configure dashboard access control.

仪表板权限Dashboard permissions

仪表板权限级别分为三个:“无权限”、“可运行”和“可管理” 。There are three permission levels for a dashboard: No Permissions, Can Run, and Can Manage. 该表列出了每个权限赋予用户的能力。The table lists the abilities for each permission.

能力Ability 无权限No Permissions 可运行Can Run 可管理Can Manage
在仪表板列表中查看See in dashboard list xx xx
查看仪表板和结果View dashboard and results xx xx
在仪表板中刷新查询结果(或选择不同的参数)Refresh query results in the dashboard (or choose different parameters) xx xx
编辑仪表板Edit dashboard xx
修改权限Modify permissions xx
删除仪表板Delete dashboard xx

备注

用于执行查询的主体是创建查询的用户,而不是单击“刷新”按钮的用户。The principal used to execute a query is the user that created the query, not the user that clicks the Refresh button.

使用 UI 管理仪表板权限Manage dashboard permissions using the UI

  1. 单击Click the 仪表板图标 “模型”图标。icon in the sidebar.

  2. 单击仪表板。Click a dashboard.

  3. 单击Click the 共享按钮 按钮。button at the top right. 这会显示“管理权限”对话框。The Manage Permissions dialog displays.

    管理仪表板权限Manage dashboard permissions

  4. 选择用户或组,再选择一个权限。Select a user or group and a permission.

  5. 单击 “添加”Click Add.

  6. 关闭对话框。Dismiss the dialog.

使用 API 管理仪表板权限Manage dashboard permissions using the API

若要使用 API 管理仪表板权限,请在 /2.0/permissions/sql/dashboard/<dashboard-id> REST 终结点上调用方法。To manage dashboard permissions using the API, invoke methods on the /2.0/permissions/sql/dashboard/<dashboard-id> REST endpoint. 例如,若要为用户 user@example.com 设置“可管理”权限,请运行以下命令:For example, to set Can Manage permission for the user user@example.com, run the command:

curl -u 'token:<token>' https://<databricks-instance>/api/2.0/permissions/sql/dashboard/<dashboard-id> -X PATCH -d '{ "access_control_list" : [ { "user_name": user@example.com", "permission_level": "CAN_MANAGE" } ] }'

wherewhere