This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Log in to ask a question

Service Account with low privileges for API Access to all_running_queries

Posted on 10-02-2024 11:21 AM
data_eng_person
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm hoping to create a service account to allow me to retrieve information on the queries that are currently running in Looker, to enhance observability and allow us to spot problems quickly. I currently plan to do this by using the "all_running_queries" method in the Python "looker_sdk" library. Ideally, I'd like to have a service user with minimal privileges to get this information, but I'm not sure if that is possible with the Looker API.

From an earlier post, I know that "Only admin API users can kill queries via the API." Is the same true for getting a list of running queries? Does the service API account need to have the "Admin" role to be able to call "all_running_queries" and see what's currently running?

0 4 288
0 Likes
Reply
4 REPLIES 4

Posted on --/--/---- --:-- AM
sam8
Staff
Reply posted on --/--/---- --:-- AM

When thinking about what permissions an API call needs, it helps to compare the call to its UI analog. In the case of getting all running queries at once, the only place I know of where you can do that is the Admin Queries page, which requires the admin role.

 

However, I also know that you can pull query information, including about running queries, using System Activity. You'd only need see_system_activity for that.

0 Likes
Reply

Posted on --/--/---- --:-- AM
data_eng_person
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thanks for the reply! I'm actually surprised that it's possible to use the "System Activity" explore to see information on running queries. I had played around with that for quite some time and had come to the conclusion that it only contained information on recently completed queries, which is why I was so intent on using the API to get information on queries that were actively running.

Would you be able to give me a bit of guidance on which filters to use in "System Activity" to get a list of running queries similar to what comes from the "all_running_queries" API? Your help would be much appreciated, as I'm kind of stumped on how to do this!

Reply

Posted on --/--/---- --:-- AM
sam8
Staff
In response to data_eng_person
Reply posted on --/--/---- --:-- AM

Well, your surprise is well founded! I went to go do some testing, and I also couldn't find a way. It does kind of make sense - System Activity is mostly meant to serve as an archive for historical data.

I do have another idea for you, though! Check out the "see_queries" permission. This lets users see the Queries page without the admin role. I would expect that this would work for an API user, too?

0 Likes
Reply

Posted on --/--/---- --:-- AM
data_eng_person
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Unfortunately I wasn't able to get the "see_queries" permission to work for this API call. I created a "Permission Set" with that permission and assigned it to a Role which was assigned to my API user, and the API call always just returned a 404 error.

As an experiment, I tried creating a "Permission Set" with every single permission checked-off, but I only received the same 404 error as before.

The only thing that has worked for me has been to give my API user the "Admin" role, so I'm going to have to assume that it's required to make use of this API.

0 Likes
Reply
Top Labels in this Space
Top Solution Authors
View all