Table access control lets you programmatically grant and revoke access to your data using the Databricks view-based access control model. Table access control requires the Premium plan (or, for customers who subscribed to Databricks before March 3, 2020, the Operational Security package).
This article describes how to enable and enforce Python and SQL table access control for your Databricks workspace.
For information about how to enable table access control on a cluster, see Enable table access control for a cluster. To learn how to set privileges on a data object once table access control is enabled, see Data object privileges.
Another approach to securing table access from clusters is SQL-only table access control, which does not require enablement using the options described in this article.
This feature requires the Premium plan (or, for customers who subscribed to Databricks before March 3, 2020, the Operational Security package).
- Go to the Admin Console.
- Click the Workspace Settings tab.
- Click the Cluster, Pool and Jobs Access Control toggle.
- Click Confirm.
- Click the Table Access Control toggle.
- Click Confirm.
To ensure that your users access only the data that you want them to, you must restrict your users to clusters with table access control enabled. In particular, you should ensure that:
Users do not have permission to create clusters. If they create a cluster without table access control, they can access any data from that cluster.
Users do not have Can Attach To permission for any cluster that is not enabled for table access control.
See Cluster access control for more information.