Users and groups¶
The API exposes key parts of the Dataiku Govern access control management: users and groups. All these can be created, modified and deleted through the API.
Example use cases¶
In all examples, client is a dataikuapi.govern_client.GovernClient
, obtained using dataikuapi.govern_client.GovernClient.__init__()
Listing users¶
client = GovernClient(host, apiKey)
govern_users = client.list_users()
# govern_users is a list of dict. Each item represents one user
prettyprinter.pprint(govern_users)
outputs
[ { 'displayName': 'Administrator',
'groups': ['administrators', 'data_scientists'],
'login': 'admin',
'sourceType': 'LOCAL'},
...
]
Creating a user¶
A local user with a password¶
new_user = client.create_user('test_login', 'test_password', display_name='a test user', groups=['all_powerful_group'])
new_user is a dataikuapi.govern.admin.GovernUser
A user who will login through LDAP¶
Note that it is not usually required to manually create users who will login through LDAP as they can be automatically provisionned
new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LDAP", groups=['all_powerful_group'], profile="DESIGNER")
A user who will login through SSO¶
This is only for non-LDAP users that thus will not be automatically provisioned, buut should still be able to log in through SSO.
new_user = client.create_user('test_login', password=None, display_name='a test user', source_type="LOCAL_NO_AUTH", groups=['all_powerful_group'], profile="DESIGNER")
Modifying a user’s display name, groups, profile, email, …¶
To modify the settings of a user, get a handle through dataikuapi.govern_client.GovernClient.get_user()
, then use dataikuapi.govern.admin.GovernUser.get_settings()
user = client.get_user("theuserslogin")
settings = user.get_settings()
# Modify the settings in the `get_raw()` dict
settings.get_raw()["displayName"] = "Govern Lover"
settings.get_raw()["email"] = "[email protected]"
settings.get_raw()["userProfile"] = "DESIGNER"
settings.get_raw()["groups"] = ["group1", "group2", "group3"] # This completely overrides previous groups
# Save the modifications
settings.save()
Deleting a user¶
user = client.get_user('test_login')
user.delete()
Impersonating another user¶
As a Dataiku Govern administrator, it can be useful to be able to perform API calls on behalf of another user.
user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()
# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions
Listing groups¶
A list of the groups can by obtained with the list_groups method:
client = GovernClient(host, apiKey)
# govern_groups is a list of dict. Each group contains at least a "name" attribute
govern_groups = client.list_groups()
prettyprinter.pprint(govern_groups)
outputs
[ { 'admin': True,
'description': 'Govern administrators',
'name': 'administrators',
'sourceType': 'LOCAL'},
{ 'admin': False,
'description': 'Read-write access',
'name': 'data_scientists',
'sourceType': 'LOCAL'},
{ 'admin': False,
'description': 'Read-only access',
'name': 'readers',
'sourceType': 'LOCAL'}]
Creating a group¶
new_group = client.create_group('test_group', description='test group', source_type='LOCAL')
Modifying settings of a group¶
First, retrieve the group definition with a get_definition call, alter the definition, and set it back into Govern:
group_definition = new_group.get_definition()
group_definition['admin'] = True
group_definition['ldapGroupNames'] = 'group1,group2'
new_group.set_definition(group_definition)
Deleting a group¶
group = client.get_group('test_group')
group.delete()
Reference documentation¶
-
class
dataikuapi.govern.admin.
GovernUser
(client, login)¶ A handle for a user on the Govern instance. Do not create this object directly, use
get_user()
instead.-
delete
()¶ Delete the user
-
get_settings
()¶ Get the settings of the user
- Return type
-
get_client_as
()¶ Get a
GovernClient
that has the permissions of this user.This allows administrators to impersonate actions on behalf of other users, in order to perform actions on their behalf
-
-
class
dataikuapi.govern.admin.
GovernUserSettings
(client, login, settings)¶ Settings for a Govern user. Do not create this object directly, use
GovernUser.get_settings()
instead.-
property
enabled
¶ Whether this user is enabled
- Return type
boolean
-
property
creation_date
¶ Get the creation date of the user as a
datetime.datetime
- Returns
the creation date
- Return type
datetime.datetime
or None
-
save
()¶ Saves the settings
-
get_raw
()¶ - Returns
the raw settings of the user, as a dict. Modifications made to the returned object are reflected when saving
- Return type
dict
-
property
-
class
dataikuapi.govern.admin.
GovernOwnUser
(client)¶ A handle to interact with your own user Do not create this object directly, use
get_own_user()
instead.-
get_settings
()¶ Get your own settings
- Return type
-
-
class
dataikuapi.govern.admin.
GovernOwnUserSettings
(client, settings)¶ Settings for the current Govern user. Do not create this object directly, use
GovernOwnUser.get_settings()
instead.-
save
()¶ Saves the settings back to the current user
-
get_raw
()¶ - Returns
the raw settings of the user, as a dict. Modifications made to the returned object are reflected when saving
- Return type
dict
-
-
class
dataikuapi.govern.admin.
GovernGroup
(client, name)¶ A group on the Govern instance. Do not create this object directly, use
get_group()
instead.-
delete
()¶ Delete the group
-
get_definition
()¶ Get the group’s definition (name, description, admin abilities, type, ldap name mapping)
- Returns
the group’s definition, as a dict
-
set_definition
(definition)¶ Set the group’s definition.
You should only
set_definition()
using an object that you obtained throughget_definition()
, not create a new dict. :param: dict definition: the definition for the group, as a dict :return: a dict - the definition of the group :rtype: dict
-