Access control is available only in the Premium plan (or, for customers who subscribed to Databricks before March 3, 2020, the Operational Security package).
By default, all users can create and modify workspace objects—including folders, notebooks, experiments, and models—unless an administrator enables workspace access control. With workspace access control, individual permissions determine a user’s abilities. This article describes how to enable workspace access control and prevent users from seeing workspace objects they do not have access to.
For information about assigning permissions and configuring workspace object access control, see Workspace object access control.
Go to the Admin Console.
Select the Access Control tab.
Click the Enable button next to Workspace Access Control.
Workspace visibility control is enabled by default for workspaces created after the release of Databricks platform version 3.34 (released in December 2020). If your workspace was created earlier, an admin must enable the feature.
Workspace access control by itself does not prevent users from seeing the filenames of workspace objects displayed in the Databricks UI even when the users have no permissions on those workspace objects. To prevent notebook filenames and folders from being visible to a user when they have no permissions on them:
- Go to the Admin Console.
- Select the Access Control tab.
- Click the Enable button next to Workspace Visibility Control.
- Click Confirm.
To disable workspace visibility control, use the same procedure, clicking Disable in the third step.
All users can view libraries. To control who can attach libraries to clusters, see Cluster access control.
To enable jobs access control and job visibility access control, see Enable jobs access control for your workspace. To control who can run jobs and see the results of job runs, see Jobs access control.