Admin API - All access for tenant? (independent of resource rights)
Hello everyone,
As part of our DataMesh approach to empowering business users, some of our users are completely autonomous in their workspaces, with their own data sources.
In order to gain in maturity, they would like to obtain metadata in order to be able to establish a detailed data lineage, in order to document the data in the report, from the dataset to the information in the tables and columns that make up the dataset.
To do this, there are the Admin APIs, and in particular the metadata API.
However, one sentence catches my attention:
"Service principals included in allowed security groups will have read-only access to all the information available through admin APIs."
Does this mean that if someone has the client_id/secret_id, they can obtain all the metadata for all the tenant's resources (including workspaces for which they do not have authorisation, etc.)?
In short, is it an all-or-nothing right? Or does it allow users to access metadata, but only for resources for which they have access?
Thank you for your return
Vivien
PS: I am going to start a test phase, and I will be able to add to it when I have the results.
Hello,
After testing, the Admin API returns the data for the whole tenant (so it should only be used by admins 🙂 )
Have a nice day,
Vivien
Hi @vivien57,
As far as I know, client_id and secret_id belong to the service principal's authentication key, which is confidential data and needs to be kept safe.
When you use this feature, you can use service principal to get the data through the supported REST API.
You can refer to the following official documentation to learn what REST APIs are supported by service principal, as well as some detailed steps.
Best Regards,
Rico Zhou
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
Hello,
Thank you for your feedback and explanations.
However, what I'm trying to find out exactly is if I activate this option for a few security groups (service principal), will they see information for all the tenant's metadata (all workspaces, etc.) or only the metadata for the resources to which they have access?
Thanks in advance for your return,
Have a nice day,
Vivien
