Users and groups

The API exposes key parts of the Dataiku Govern access control management: users and groups. All these can be created, modified and deleted through the API.

Example use cases

In all examples, client is a dataikuapi.govern_client.GovernClient, obtained using dataikuapi.govern_client.GovernClient.__init__()

Listing users

client = GovernClient(host, apiKey)
govern_users = client.list_users()
# govern_users is a list of dict. Each item represents one user
prettyprinter.pprint(govern_users)

outputs

[   {   'displayName': 'Administrator',
        'groups': ['administrators', 'data_scientists'],
        'login': 'admin',
        'sourceType': 'LOCAL'},
    ...
]

Creating a user

A local user with a password

new_user = client.create_user('test_login', 'test_password', display_name='a test user', groups=['all_powerful_group'])

new_user is a dataikuapi.govern.admin.GovernUser

A user who will login through LDAP

Note that it is not usually required to manually create users who will login through LDAP as they can be automatically provisionned

new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LDAP", groups=['all_powerful_group'], profile="DESIGNER")

A user who will login through SSO

This is only for non-LDAP users that thus will not be automatically provisioned, buut should still be able to log in through SSO.

new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LOCAL_NO_AUTH", groups=['all_powerful_group'], profile="DESIGNER")

Modifying a user’s display name, groups, profile, email, …

To modify the settings of a user, get a handle through dataikuapi.govern_client.GovernClient.get_user(), then use dataikuapi.govern.admin.GovernUser.get_settings()

user = client.get_user("theuserslogin")

settings = user.get_settings()

# Modify the settings in the `get_raw()` dict
settings.get_raw()["displayName"] = "Govern Lover"
settings.get_raw()["email"] = "[email protected]"
settings.get_raw()["userProfile"] = "DESIGNER"
settings.get_raw()["groups"] = ["group1", "group2", "group3"] # This completely overrides previous groups

# Save the modifications
settings.save()

Deleting a user

user = client.get_user('test_login')
user.delete()

Impersonating another user

As a Dataiku Govern administrator, it can be useful to be able to perform API calls on behalf of another user.

user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()

# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions

Listing groups

A list of the groups can by obtained with the list_groups method:

client = GovernClient(host, apiKey)
# govern_groups is a list of dict. Each group contains at least a "name" attribute
govern_groups = client.list_groups()
prettyprinter.pprint(govern_groups)

outputs

[   {   'admin': True,
        'description': 'Govern administrators',
        'name': 'administrators',
        'sourceType': 'LOCAL'},
    {   'admin': False,
        'description': 'Read-write access',
        'name': 'data_scientists',
        'sourceType': 'LOCAL'},
    {   'admin': False,
        'description': 'Read-only access',
        'name': 'readers',
        'sourceType': 'LOCAL'}]

Creating a group

new_group = client.create_group('test_group', description='test group', source_type='LOCAL')

Modifying settings of a group

First, retrieve the group definition with a get_definition call, alter the definition, and set it back into Govern:

group_definition = new_group.get_definition()
group_definition['admin'] = True
group_definition['ldapGroupNames'] = 'group1,group2'
new_group.set_definition(group_definition)

Deleting a group

group = client.get_group('test_group')
group.delete()

Reference documentation

class dataikuapi.govern.admin.GovernUser(client, login)

A handle for a user on the Govern instance. Do not create this object directly, use get_user() instead.

delete()

Delete the user

get_settings()

Get the settings of the user

Return type

GovernUserSettings

get_client_as()

Get a GovernClient that has the permissions of this user.

This allows administrators to impersonate actions on behalf of other users, in order to perform actions on their behalf

class dataikuapi.govern.admin.GovernUserSettings(client, login, settings)

Settings for a Govern user. Do not create this object directly, use GovernUser.get_settings() instead.

property enabled

Whether this user is enabled

Return type

boolean

property creation_date

Get the creation date of the user as a datetime.datetime

Returns

the creation date

Return type

datetime.datetime or None

save()

Saves the settings

get_raw()
Returns

the raw settings of the user, as a dict. Modifications made to the returned object are reflected when saving

Return type

dict

class dataikuapi.govern.admin.GovernOwnUser(client)

A handle to interact with your own user Do not create this object directly, use get_own_user() instead.

get_settings()

Get your own settings

Return type

GovernOwnUserSettings

class dataikuapi.govern.admin.GovernOwnUserSettings(client, settings)

Settings for the current Govern user. Do not create this object directly, use GovernOwnUser.get_settings() instead.

save()

Saves the settings back to the current user

get_raw()
Returns

the raw settings of the user, as a dict. Modifications made to the returned object are reflected when saving

Return type

dict

class dataikuapi.govern.admin.GovernGroup(client, name)

A group on the Govern instance. Do not create this object directly, use get_group() instead.

delete()

Delete the group

get_definition()

Get the group’s definition (name, description, admin abilities, type, ldap name mapping)

Returns

the group’s definition, as a dict

set_definition(definition)

Set the group’s definition.

You should only set_definition() using an object that you obtained through get_definition(), not create a new dict. :param: dict definition: the definition for the group, as a dict :return: a dict - the definition of the group :rtype: dict