Enable table access control for your workspace

Preview

This feature is in Public Preview.

Note

In North America, this feature is available only on Enterprise accounts. In the rest of the world, it is available only on accounts that include the Premium plan (or, for customers who subscribed to Databricks before March 3, 2020, the Operational Security package). If you don’t know the kind of account you’re on, contact your Databricks sales representative.

Table access control lets you programmatically grant and revoke access to your data using the Databricks view-based access control model.

This article describes how to enable Python and SQL table access table access control for your Databricks workspace.

Note

Another approach to securing table access from clusters is SQL-only table access control, which is generally available and does not require admin enablement using the option described in this article. For more information, see SQL-only table access control.

For information about how to enable table access control on a cluster, see Enable table access control for a cluster. To learn how to set privileges on a data object once table access control is enabled, see Data object privileges.

Enable table access control for your workspace

  1. Log in to the Admin Console.
  2. Go to the Access Control tab.
  3. Ensure that Cluster access control is enabled. You cannot enable table access control without having cluster access control already enabled.
  4. Next to Table Access Control, click the Enable button.
  5. Click Confirm.

Enforce table access control

To ensure that your users access only the data that you want them to, you must restrict your users to clusters with table access control enabled.

In particular, you should ensure that:

  • Users do not have permission to create clusters. If they create a cluster without table access control, they can access any data from that cluster.

    Disable cluster create permission
  • Users do not have Can Attach To permission for any cluster that is not enabled for table access control.

See Cluster access control for more information.