Users and groups#

The API exposes key parts of the Dataiku Govern access control management: users and groups. All these can be created, modified and deleted through the API.

Example use cases#

In all examples, client is a dataikuapi.govern_client.GovernClient, obtained using dataikuapi.govern_client.GovernClient.__init__()

Listing users#

client = GovernClient(host, apiKey)
govern_users = client.list_users()
# govern_users is a list of dict. Each item represents one user


[   {   'displayName': 'Administrator',
        'groups': ['administrators', 'data_scientists'],
        'login': 'admin',
        'sourceType': 'LOCAL'},

Creating a user#

A local user with a password#

new_user = client.create_user('test_login', 'test_password', display_name='a test user', groups=['all_powerful_group'])

new_user is a dataikuapi.govern.admin.GovernUser

A user who will login through LDAP#

Note that it is not usually required to manually create users who will login through LDAP as they can be automatically provisionned

new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LDAP", groups=['all_powerful_group'], profile="DESIGNER")

A user who will login through SSO#

This is only for non-LDAP users that thus will not be automatically provisioned, buut should still be able to log in through SSO.

new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LOCAL_NO_AUTH", groups=['all_powerful_group'], profile="DESIGNER")

Modifying a user’s display name, groups, profile, email, …#

To modify the settings of a user, get a handle through dataikuapi.govern_client.GovernClient.get_user(), then use dataikuapi.govern.admin.GovernUser.get_settings()

user = client.get_user("theuserslogin")

settings = user.get_settings()

# Modify the settings in the `get_raw()` dict
settings.get_raw()["displayName"] = "Govern Lover"
settings.get_raw()["email"] = ""
settings.get_raw()["userProfile"] = "DESIGNER"
settings.get_raw()["groups"] = ["group1", "group2", "group3"] # This completely overrides previous groups

# Save the modifications

Deleting a user#

user = client.get_user('test_login')

Impersonating another user#

As a Dataiku Govern administrator, it can be useful to be able to perform API calls on behalf of another user.

user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()

# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions

Listing groups#

A list of the groups can by obtained with the list_groups method:

client = GovernClient(host, apiKey)
# govern_groups is a list of dict. Each group contains at least a "name" attribute
govern_groups = client.list_groups()


[   {   'admin': True,
        'description': 'Govern administrators',
        'name': 'administrators',
        'sourceType': 'LOCAL'},
    {   'admin': False,
        'description': 'Read-write access',
        'name': 'data_scientists',
        'sourceType': 'LOCAL'},
    {   'admin': False,
        'description': 'Read-only access',
        'name': 'readers',
        'sourceType': 'LOCAL'}]

Creating a group#

new_group = client.create_group('test_group', description='test group', source_type='LOCAL')

Modifying settings of a group#

First, retrieve the group definition with a get_definition call, alter the definition, and set it back into Govern:

group_definition = new_group.get_definition()
group_definition['admin'] = True
group_definition['ldapGroupNames'] = ['group1', 'group2']

Deleting a group#

group = client.get_group('test_group')

Reference documentation#

dataikuapi.govern.admin.GovernUser(client, login)

A handle for a user on the Govern instance.


Settings for a Govern user.


A handle to interact with your own user Do not create this object directly, use get_own_user() instead.


Settings for the current Govern user.

dataikuapi.govern.admin.GovernGroup(client, name)

A group on the Govern instance.