Databricks administration introduction
This article provides an introduction to Databricks administrator privileges and responsibilities.
To fully administer your Databricks instance, you will also need administrative access to your AWS account.
Databricks admin types
There are two main levels of admin privileges available on the Databricks platform:
- Account admins: Manage the Databricks account, including workspace creation, user management, cloud resources, and account usage monitoring.
- Workspace admins: Manage workspace identities, access control, settings, and features for individual workspaces in the account.
Additionally, users can be assigned these feature-specific admin roles, which have narrower sets of privileges:
- Marketplace admins: Manage their account's Databricks Marketplace provider profile, including creating and managing Marketplace listings.
- Metastore admins: Manage privileges and ownership for all securable objects within a Unity Catalog metastore, such as who can create catalogs or query a table.
- Billing admins: View budgets and manage the serverless budget policies across account.
What are account admins?
Account admins have privileges over the entire Databricks account. As an account admin, you can create workspaces, configure cloud resources, view usage data, and manage account identities, settings, and subscriptions.
Account admins can also delegate the account admin and workspace admin roles to any other user.
Access the account console
The account console is where account admins manage their Databricks account.
Account admins can access the account console at https://accounts.cloud.databricks.com or by clicking the workspace selector at the top of the workspace UI and selecting Manage account.
Account admin responsibilities
As an account admin, your responsibilities include:
- Creating and managing workspaces
- Enabling Unity Catalog
- Managing identities
- Monitoring account usage logs
- Managing the account subscription
- Managing Databricks Previews
Create and manage workspaces
Only account admins can create new workspaces. There are a few different methods you can use to create workspaces. See Create and manage workspaces for instructions on each method. You can also use the Workspaces section of the account console to view and manage all the workspaces in your account.
Enable Unity Catalog
If your Databricks account was created after November 8, 2023, your workspaces might have Unity Catalog enabled by default. For more information, see Automatic enablement of Unity Catalog.
An account admin is needed to enable Unity Catalog in your account. The process involves creating a Unity Catalog metastore, which can only be done by an account admin.
For instructions on enabling Unity Catalog, see Get started using Unity Catalog.
Manage identities
Account admins should sync their identity provider with Databricks if applicable. See Sync users and groups from your identity provider using SCIM.
If you've enabled Unity Catalog for at least one workspace in your account, identities (users, groups, and service principals) should be managed in the account console. Account admins can grant permissions and assign workspaces to these identities.
For more information, see Manage users and groups.
Single sign-on (SSO) enables you to authenticate your users using your organization's identity provider. Databricks recommends configuring SSO in your account for greater security and improved user experience. Once SSO is configured, you can enable multi-factor authentication via your identity provider. For instructions, see Setting up SSO.
Monitor account with system tables
System tables are a Databricks-hosted analytical store of your account's operational data found in the system catalog. Account admins can enable system tables to access audit logs, billable usage logs, lineage data, and more. See Monitor account activity with system tables.
Manage account subscription
Account admins can manage aspects of their Databricks subscription from the account console. For more information, see Manage subscription and billing.
Manage Previews
Manage Databricks Previews in your workspace or an organization's workspaces. Previews provide early access to features before they are released for general availability (GA). See Manage Databricks Previews.
What are workspace admins?
Workspace admins have admin privileges within a single workspace. They can manage workspace-level identities, regulate compute use, and enable and delegate role-based access control (Premium plan or above only).
Access the admin settings
Workspace admins are the only users who have access to the workspace's admin settings page. As a workspace admin, you can access admin settings by clicking your username in the top bar of the Databricks workspace and selecting Settings.
Workspace admin responsibilities
As a workspace admin, your responsibilities include:
- Managing identities in your workspace
- Creating and managing compute resources
- Managing workspace features and settings
Manage identities in your workspace
If your workspace is enabled for Unity Catalog, identities should be added at the account level. Workspace admins can then assign users, groups, and service principals to their workspace. For more information on adding and removing identities in a workspace, see Manage users, service principals, and groups.
Databricks Academy has a free course on Identity Administration. Before you can access the course, you first need to register for Databricks Academy if you haven't already.
Create and manage compute resources
Workspace admins can create SQL warehouses (a compute resource that lets you run SQL commands on data objects within Databricks SQL) and clusters for their workspace users. For instructions on creating SQL warehouses, see Create a SQL warehouse.
It is also the workspace admin's job to regulate how compute resources are used in their workspace. Workspace admins have the following tools:
- Limit workspace users' cluster creation options with cluster policies.
- Databricks recommends managing all init scripts as cluster-scoped init scripts. Instead of using global init scripts, manage init scipts using cluster policies.
- Learn which compute resources have Unity Catalog access.
- Grant S3 bucket access through clusters using instance profiles.
Databricks Academy has a free course on Compute Resources Administration.
Manage workspaces features and settings
Workspace admins are responsible for managing select workspace behavior and settings. For information on other available workspace settings, see Managing workspace settings.
Databricks Academy has a free course on Databricks Workspace Administration and Security.
Additional resources
Databricks Academy has a free self-paced learning path for platform administrators. Before you can access the course, you first need to register for Databricks Academy if you haven't already.
You can also sign up to attend a live platform administration training.
If you have a Databricks support package, you can open and manage support cases with Databricks. See Learn how to use Databricks support.
You can also get answers to many questions in the Databricks Community.