Enable jobs access control for your workspace

Enabling access control for jobs allows job owners to control who can view job results or manage runs of a job. This article describes how to enable jobs access control and how to prevent users from seeing jobs they don’t have access to.

For information about assigning permissions and configuring jobs access control, see Jobs access control.


This feature requires the Premium plan and above.

Enable jobs access control

  1. Go to the Admin Console.

  2. Click the Workspace Settings tab.

  3. Click the Cluster, Pool and Jobs Access Control toggle.

  4. Click Confirm.

Prevent users from seeing jobs they do not have access to


Job visibility control is enabled by default for workspaces created after the release of Databricks platform version 3.34 (released in December 2020). If your workspace was created earlier, an admin must enable the feature.

Jobs access control by itself does not prevent users from seeing jobs displayed in the Databricks UI even when the users have no permissions on those jobs. To prevent these jobs from being visible to a user:

  1. Go to the admin console.

  2. Click the Workspace Settings tab.

  3. Click the Job Visibility toggle.

  4. Click Confirm.

Terraform integration

You can manage permissions in a fully automated setup using Databricks Terraform provider and databricks_permissions:

resource "databricks_group" "auto" {
  display_name = "Automation"

resource "databricks_group" "eng" {
  display_name = "Engineering"

data "databricks_spark_version" "latest" {}

data "databricks_node_type" "smallest" {
  local_disk = true

resource "databricks_job" "this" {
  name                = "Featurization"
  max_concurrent_runs = 1

  new_cluster {
    num_workers   = 300
    spark_version = data.databricks_spark_version.latest.id
    node_type_id  = data.databricks_node_type.smallest.id

  notebook_task {
    notebook_path = "/Production/MakeFeatures"

resource "databricks_permissions" "job_usage" {
  job_id = databricks_job.this.id

  access_control {
    group_name       = "users"
    permission_level = "CAN_VIEW"

  access_control {
    group_name       = databricks_group.auto.display_name
    permission_level = "CAN_MANAGE_RUN"

  access_control {
    group_name       = databricks_group.eng.display_name
    permission_level = "CAN_MANAGE"

You can get information about jobs by using databricks_jobs.