Assigning Roles to Users Using Python SDK and DataHub CLI

Original Slack Thread

<@U06TM7M40RK> is there a way to assign roles to users from python sdk or datahub cli ?

Yes, you can assign roles to users using both the DataHub CLI and the Python SDK.

  1. Using the CLI: You can assign roles to users by using the datahub put command. For example, to assign a role to a user, you can use the following command:

    datahub put --urn "urn:li:role:reader" --aspect actors -d - <<-EOF
    {
      "users": [
        {"user": "urn:li:corpuser:datahubuser"}
      ] 
    }
    EOF
    

    This command assigns the “reader” role to the user with the URN urn:li:corpuser:datahubuser https://github.com/datahub-project/datahub/blob/master/docs/features/feature-guides/access-management.md|source.

  2. Using the Python SDK: You can also assign roles using the Python SDK by creating a metadata change proposal and emitting it. Here’s an example:

    from datahub.metadata.schema_classes import ActorsClass, ActorClass
    from datahub.emitter.mcp import MetadataChangeProposalWrapper
    from datahub.emitter.rest_emitter import DatahubRestEmitter
    from datahub.metadata.schema_classes import ChangeTypeClass
    
    # Create an actors aspect
    actors = ActorsClass(
        users=[
            ActorClass(user="urn:li:corpuser:datahubuser")
        ]
    )
    
    # Create a metadata change proposal
    mcp = MetadataChangeProposalWrapper(
        changeType=ChangeTypeClass.UPSERT,
        entityUrn="urn:li:role:reader",
        aspectName="actors",
        aspect=actors
    )
    
    # Emit the metadata
    emitter = DatahubRestEmitter(gms_server="http://localhost:8080")
    emitter.emit(mcp)
    

    This Python code snippet assigns the “reader” role to the specified user https://github.com/datahub-project/datahub/blob/master/docs/features/feature-guides/access-management.md|source.

Would you like more details on how to use these methods?

Sources:

<@U06TM7M40RK> There is no ActorClass in datahub.metadata.schema_classes in v1.0.0rc3

<@U06TM7M40RK> There is no ActorClass in datahub.metadata.schema_classes in v1.0.0rc3 (edited)

It seems likely that the ActorClass is not present in the datahub.metadata.schema_classes in version v1.0.0rc3. This might be due to changes in the package structure or updates in the DataHub Python SDK.

Based on the <https://datahubproject.io/docs/0.13.1/python-sdk/models#datahub.metadata.schema_classes.MetadataChangeLogClass.auditHeader|DataHub Python SDK documentation>, the MetadataChangeProposalClass, ChangeTypeClass, and GenericAspectClass are part of the DataHub schema classes, but there is no mention of ActorClass in the provided data sources.

It seems likely that the Actor concept is part of the authentication subsystem in DataHub, as described in the <https://datahubproject.io/docs/0.14.0/authentication/concepts|Authentication Concepts & Key Components> documentation. An Actor represents a unique identity or principal that initiates actions on the platform, and it is characterized by a type and an ID.

If you are looking to assign roles to users, you might want to use the RoleUserClass from the <https://datahubproject.io/docs/0.13.1/python-sdk/models#datahub.metadata.schema_classes.RetentionClass.version|DataHub Python SDK models>, which is used for provisioned users of a role.

Would you like more detailed steps or further assistance on any specific part of this process?

Sources:

<@U06TM7M40RK> Yes, Can you explain how can I assign roles to user with RoleUserClass

To assign roles to users in DataHub using the Python SDK, you can utilize the RoleUserClass and ActorsClass from the datahub.metadata.schema_classes. Here’s a step-by-step guide on how to achieve this:

  1. Import Necessary Classes: First, ensure you have the necessary classes imported from the DataHub Python SDK.

  2. Create an ActorsClass: This class is used to define the users that are provisioned for a specific role.

  3. Create a Metadata Change Proposal: Use the MetadataChangeProposalWrapper to create a proposal for updating the role assignments.

  4. Emit the Metadata: Use the DatahubRestEmitter to emit the metadata change proposal to your DataHub instance.

Here’s a code snippet to illustrate the process:

from datahub.metadata.schema_classes import ActorsClass, ActorClass, MetadataChangeProposalWrapper, ChangeTypeClass
from datahub.emitter.rest_emitter import DatahubRestEmitter

# Create an actors aspect
actors = ActorsClass(
    users=[
        ActorClass(user="urn:li:corpuser:datahubuser")
    ]
)

# Create a metadata change proposal
mcp = MetadataChangeProposalWrapper(
    changeType=ChangeTypeClass.UPSERT,
    entityUrn="urn:li:role:reader",
    aspectName="actors",
    aspect=actors
)

# Emit the metadata
emitter = DatahubRestEmitter(gms_server="http://localhost:8080")
emitter.emit(mcp)

In this example, the RoleUserClass is used to specify the user URN that you want to assign to a role. The ActorsClass is used to create an aspect that includes the list of users to be assigned to a role. The MetadataChangeProposalWrapper is then used to create a proposal to update the role assignments, and the DatahubRestEmitter is used to emit this proposal to your DataHub instance.

Please replace "urn:li:corpuser:datahubuser" with the actual URN of the user you want to assign the role to, and "urn:li:role:reader" with the URN of the role you want to assign.

Would you like more detailed guidance on any specific step?

Sources:

<@U06TM7M40RK> How can I add logger here to get info from Datahub SDK