Users and groups#
The API exposes key parts of the DSS access control management: users and groups. All these can be created, modified and deleted through the API.
Example use cases#
In all examples, client is a dataikuapi.dssclient.DSSClient, obtained either using dataikuapi.dssclient.DSSClient.__init__() or dataiku.api_client()
Listing users#
client = DSSClient(host, apiKey)
dss_users = client.list_users()
# dss_users is a list of dict. Each item represents one user
prettyprinter.pprint(dss_users)
outputs:
[ { 'activeWebSocketSesssions': 0,
'codeAllowed': True,
'displayName': 'Administrator',
'groups': ['administrators', 'data_scientists'],
'login': 'admin',
'objectImgHash': 0,
'sourceType': 'LOCAL'},
...
]
Listing connected users#
You can programmatically retrieve the list of connected users on a Dataiku instance, for example to check if you can safely turn off/restart the instance. This is possible by using the list_users() method of the Dataiku public API. That method returns a value for activeWebSocketSessionswhich indicates the number of sessions that a user is logged into at the moment. Anything other than 0 indicates that a user is connected to the instance.
import dataiku
client = dataiku.api_client()
user_list = []
dss_users = client.list_users()
for user in dss_users:
if user["activeWebSocketSessions"]!=0:
user_list.append(user["displayName"])
print(user_list)
Creating a user#
A local user with a password#
new_user = client.create_user('test_login', 'test_password', display_name='a test user', groups=['all_powerful_group'])
new_user is a dataikuapi.dss.admin.DSSUser
A user who will login through LDAP#
Note that it is not usually required to manually create users who will login through LDAP as they can be automatically provisionned
new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LDAP", groups=['all_powerful_group'], profile="DESIGNER")
A user who will login through SSO#
This is only for non-LDAP users that thus will not be automatically provisioned, buut should still be able to log in through SSO.
new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LOCAL_NO_AUTH", groups=['all_powerful_group'], profile="DESIGNER")
Modifying a user’s display name, groups, profile, email, …#
To modify the settings of a user, get a handle through dataikuapi.dssclient.DSSClient.get_user(), then use dataikuapi.dss.admin.DSSUser.get_settings()
user = client.get_user("theuserslogin")
settings = user.get_settings()
# Modify the settings in the `get_raw()` dict
settings.get_raw()["displayName"] = "DSS Lover"
settings.get_raw()["email"] = "my.new.email@stuff.com"
settings.get_raw()["userProfile"] = "DESIGNER"
settings.get_raw()["groups"] = ["group1", "group2", "group3"] # This completely overrides previous groups
# Save the modifications
settings.save()
Deleting a user#
user = client.get_user('test_login')
user.delete()
Modifying user and admin properties#
user = client.get_user("test_login")
settings = user.get_settings()
settings.user_properties["myprop"] = "myvalue"
settings_admin_properties["myadminprop"] = "myadminvalue"
settings.save()
Modifying user secrets#
user = client.get_user("test_login")
settings = user.get_settings()
settings.add_secret("secretname", "secretvalue")
settings.save()
Entering a per-user-credential for a connection#
user = client.get_user('test_login')
settings = user.get_settings()
settings.set_basic_connection_credential("myconnection", "username", "password")
settings.save()
Entering a per-user-credential for a plugin preset#
user = client.get_user('test_login')
settings = user.get_settings()
settings.set_basic_plugin_credential("myplugin", "my_paramset_id", "mypreset_id", "param_name", "username", "password")
settings.save()
Impersonating another user#
As a DSS administrator, it can be useful to be able to perform API calls on behalf of another user.
user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()
# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions
Modifying user secrets#
user = client.get_user("an_user")
settings = user.get_settings()
settings.add_secret("secretname", "secretvalue")
settings.save()
Listing groups#
A list of the groups can by obtained with the list_groups() method:
client = DSSClient(host, apiKey)
# dss_groups is a list of dict. Each group contains at least a "name" attribute
dss_groups = client.list_groups()
prettyprinter.pprint(dss_groups)
outputs
[ { 'admin': True,
'description': 'DSS administrators',
'name': 'administrators',
'sourceType': 'LOCAL'},
{ 'admin': False,
'description': 'Read-write access to projects',
'name': 'data_scientists',
'sourceType': 'LOCAL'},
{ 'admin': False,
'description': 'Read-only access to projects',
'name': 'readers',
'sourceType': 'LOCAL'}]
Creating a group#
new_group = client.create_group('test_group', description='test group', source_type='LOCAL')
Modifying settings of a group#
First, retrieve the group definition with a get_definition() call, alter the definition, and set it back into DSS:
group_definition = new_group.get_definition()
group_definition['admin'] = True
group_definition['ldapGroupNames'] = 'group1,group2'
new_group.set_definition(group_definition)
Deleting a group#
group = client.get_group('test_group')
group.delete()
Reference documentation#
|
A handle for a user on the DSS instance. |
|
Settings for a DSS user. |
|
A handle to interact with your own user |
Settings for the current DSS user. |
|
|
Activity for a DSS user. |
|
A group on the DSS instance. |
The authorization matrix of all groups and enabled users of the DSS instance. |