Databricks administration introduction

This article provides an introduction to Databricks administrator privileges and responsibilities.

Note

To fully administer your Databricks instance, you will also need administrative access to your AWS account.

Databricks admin types

There are two main levels of admin privileges available on the Databricks platform:

  • Account admins: Manage the Databricks account, including workspace creation, user management, cloud resources, and account usage monitoring.

  • Workspace admins: Manage workspace identities, access control, settings, and features for individual workspaces in the account.

Additionally, users can be assigned these feature-specific admin roles, which have narrower sets of privileges:

  • Marketplace admins: Manage their account’s Databricks Marketplace provider profile, including creating and managing Marketplace listings.

  • Metastore admins: Manage privileges and ownership for all securable objects within a Unity Catalog metastore, such as who can create catalogs or query a table.

What are account admins?

Account admins have privileges over the entire Databricks account. As an account admin, you can create workspaces, configure cloud resources, view usage data, and manage account identities, settings, and subscriptions.

Account admins can also delegate the account admin and workspace admin roles to any other user.

Access the account console

The account console is where account admins manage their Databricks account.

Account admins can access the account console at https://accounts.cloud.databricks.com or by clicking their email address at the top of the workspace UI and selecting Manage Account.

Default Databricks AWS account console view

Account admin responsibilities

As an account admin, your responsibilities include:

Create and manage workspaces

Only account admins can create new workspaces. There are a few different methods you can use to create workspaces. See Create and manage workspaces for instructions on each method. You can also use the Workspaces section of the account console to view and manage all the workspaces in your account.

Enable Unity Catalog

Note

If your Databricks account was created after November 8, 2023, your workspaces might have Unity Catalog enabled by default. For more information, see Automatic enablement of Unity Catalog.

An account admin is needed to enable Unity Catalog in your account. The process involves creating a Unity Catalog metastore, which can only be done by an account admin.

For instructions on enabling Unity Catalog, see Get started using Unity Catalog.

Manage identities

Account admins should sync their identity provider with Databricks if applicable. See Sync users and groups from your identity provider.

If you’ve enabled Unity Catalog for at least one workspace in your account, identities (users, groups, and service principals) should be managed in the account console. Account admins can grant permissions and assign workspaces to these identities.

For more information, see Manage users and groups.

Single sign-on (SSO) enables you to authenticate your users using your organization’s identity provider. Databricks recommends configuring SSO in your account for greater security and improved user experience. Once SSO is configured, you can enable multi-factor authentication via your identity provider. For instructions, see Setting up SSO.

Monitor account with system tables

System tables are a Databricks-hosted analytical store of your account’s operational data found in the system catalog. Account admins can enable system tables to access audit logs, billable usage logs, lineage data, and more. See Monitor usage with system tables.

Manage account subscription

Account admins can manage aspects of their Databricks subscription from the account console. For more information, see Manage subscription and billing.

What are workspace admins?

Workspace admins have admin privileges within a single workspace. They can manage workspace-level identities, regulate compute use, and enable and delegate role-based access control (Premium plan or above only).

Access the admin settings

Workspace admins are the only users who have access to the workspace’s admin settings page. As a workspace admin, you can access admin settings by clicking your username in the top bar of the Databricks workspace and selecting Admin Settings.

Default admin settings view

Workspace admin responsibilities

As a workspace admin, your responsibilities include:

Manage identities in your workspace

If your workspace is enabled for Unity Catalog, identities should be added at the account level. Workspace admins can then assign users, groups, and service principals to their workspace. For more information on adding and removing identities in a workspace, see Manage users, service principals, and groups.

Note

Databricks Academy has a free course on Identity Administration. Before you can access the course, you first need to register for Databricks Academy if you haven’t already.

Create and manage compute resources

Workspace admins can create SQL warehouses (a compute resource that lets you run SQL commands on data objects within Databricks SQL) and clusters for their workspace users. For instructions on creating SQL warehouses, see Create a SQL warehouse.

It is also the workspace admin’s job to regulate how compute resources are used in their workspace. Workspace admins have the following tools:

  • Limit workspace users’ cluster creation options with cluster policies.

    • Databricks recommends managing all init scripts as cluster-scoped init scripts. Instead of using global init scripts, manage init scipts using cluster policies.

  • Learn which compute resources have Unity Catalog access.

Note

Databricks Academy has a free course on Compute Resources Administration.

Manage workspaces features and settings

Workspace admins are responsible for managing select workspace behavior and settings. For information on other available workspace settings, see Managing workspace settings.

Additional resources

Databricks Academy has a free self-paced learning path for platform administrators. Before you can access the course, you first need to register for Databricks Academy if you haven’t already.

You can also sign up to attend a live platform administration training.