Set a Folder Policy

PUT /api/v1.2/folders/policy

Use this API to set access permissions for a Notebook/Dashboard folder. For more information, see Using Folders in Notebooks.

Required Role

The following users can make this API call:

  • Users who belong to the system-user/system-admin group/a user with allowed manage permissions on folders.
  • Users who belong to a group associated with a role that allows submitting a command. See Managing Groups and Managing Roles for more information.

Parameters

Note

Parameters marked in bold are mandatory. Others are optional and have default values.

Parameter Description
location It is the current location of the folder.
source_type For a folder, the source type is Folder.
type It denotes if the type is Notebooks or Dashboards. Its value must be notes for a Notebook folder and notebook_dashboards for a Dashboard folder.
policy

Array of policies to be assigned to a cluster. Each policy include following parameters:

Note

Escape the values of policy elements and corresponding values except the user ID value and group ID value.

  • action: Name of the action with particular resource. The actions can be read, write, manage, or all. The actions imply as given below:
    • read: This action is set to allow/deny a user/group to view the folder.
    • write: This action is set to allow/deny a user/group to edit, rename, or move the folder.
    • manage: This action is set to allow/deny a user/group to manage the folder permissions.
    • all: This action is set to allow/deny a user/group to do read/edit/delete the folder. It gets the lowest priority always. That is read, write, and manage actions get precedence over the all action.
  • access: It is set to allow or deny actions. Its value is either allow or deny.
  • condition: Array of user IDs and group IDs that have to be assigned with this policy:
    • qbol_users: An array of IDs of the user for whom this policy needs to be set. But these IDs are not similar to user IDs and create a ticket with Qubole Support to get the user IDs.
    • qbol_groups: An array of IDs of the groups for whom this policy needs to be set.

Request API Syntax

curl -X PUT -H "X-AUTH-TOKEN: <API-TOKEN>" -H "Content-Type: application/json" -H "Accept: application/json" \
-d '{"location":"<FolderLocation>", "type": "<notes/notebook_dashboards>", "source_type":"Folder",
      "policy": "[{\"access\":\"<Access>\",\"condition\":{\"qbol_users\":[<User ID>]},\"action\":[\"<Actions>\"]},
                 \"action\":[\"<Actions>\"]}, {\"access\":\"<Access>\",
                 \"condition\":{\"qbol_groups\":[<Group ID>] \"action\":[\"<Actions>\"]}, {\"access\":\"<Access>\"}]"}' \
"https://api.qubole.com/api/api/v1.2/folders/policy"

Note

The above syntax uses https://api.qubole.com as the endpoint. Qubole provides other endpoints to access QDS that are described in Supported Qubole Endpoints on Different Cloud Providers.

Sample API Requests

Here is a sample API call to assign permissions to the SparkNotes Notebook folder.

curl -i -X PUT -H "X-AUTH-TOKEN: $AUTH_TOKEN" -H "Content-Type: application/json" -H "Accept: application/json" \
-d '{"name":"SparkNotes", "type":"notes", "location":"Users/user1@qubole.com/SparkNotes",
"source_type":"Folder","policy":"[{\"access\":\"allow\", \"condition\":{\"qbol_users\":[12902]},\"action\":[\"read\",\"write\"]},
{\"condition\":{\"qbol_groups\":[129]},\"access\":\"deny\",\"action\":[\"all\"]}]"}' \
"https://api.qubole.com/api/v1.2/folders/policy"

Here is a sample API call to assign permissions to SparkStatus Dashboard folder.

curl -i -X PUT -H "X-AUTH-TOKEN: $AUTH_TOKEN" -H "Content-Type: application/json" -H "Accept: application/json" \
-d '{"name":"SparkStatus", "type":"notebook_dashboards", "location":"Users/user1@qubole.com/SparkStatus","source_type":"Folder","
policy":"[{\"access\":\"allow\",\"condition\":  {\"qbol_users\":[12902]},\"action\":[\"read\",\"write\"]},
{\"condition\":{\"qbol_groups\":[129]},\"access\":\"deny\",\"action\":[\"all\"]}]"}' \
"https://api.qubole.com/api/v1.2/folders/policy"