Databricks administration introduction
This article provides an introduction to Databricks administrator privileges and responsibilities.
To fully administer your Databricks instance, you will also need administrative access to your AWS account.
Databricks admin types
There are two levels of admins available in Databricks:
Account admins: Manage the Databricks account, including workspace creation, user management, cloud resources, and account usage monitoring.
Workspace admins: Manage workspace identities, access control, settings, and features for individual workspaces in the account.
What are account admins?
Account admins have privileges over the entire Databricks account. As an account admin, you can create workspaces, configure cloud resources, view usage data, and manage account identities, settings, and subscriptions.
Account admins can also delegate the account admin and workspace admin roles to any other user.
Access the account console
The account console is where account admins manage their Databricks account.
Account admins can access the account console at https://accounts.cloud.databricks.com.
Account admins can also access the account console from within a workspace:
Click your email address at the top of the Databricks workspace UI.
Select Manage Account.
Account admin responsibilities
As an account admin, your responsibilities include:
Create and manage workspaces
Only account admins can create new workspaces. There are a few different methods you can use to create workspaces. See Create and manage workspaces for instructions on each method. You can also use the Workspaces section of the account console to view and manage all the workspaces in your account.
Enable Unity Catalog
An account admin is needed to enable Unity Catalog in your account. The process involves creating a Unity Catalog metastore, which can only be done by an account admin.
For instructions on enabling Unity Catalog, see Get started using Unity Catalog.
Account admins should sync their identity provider with Databricks if applicable. See Sync users and groups from your identity provider.
If you’ve enabled Unity Catalog for at least one workspace in your account, identities (users, groups, and service principals) should be managed in the account console. Account admins can grant permissions and assign workspaces to these identities.
For more information, see Manage users and groups.
Monitor account usage logs
Only account admins can configure audit logs for their account. For information on audit logs, see Audit log reference.
Account admins can also view and download billable usage logs from the account console. For more information, see View and download billable usage logs.
Manage account subscription
Account admins can manage aspects of their Databricks subscription from the account console. For more information, see Manage subscription and billing.
What are workspace admins?
Workspace admins have admin privileges within a single workspace. They can manage workspace-level identities, regulate compute use, and enable and delegate role-based access control (Premium plan and above only).
Workspace admin responsibilities
As a workspace admin, your responsibilities include:
Manage identities in your workspace
If your workspace is enabled for Unity Catalog, identities should be added to the account. Workspace admins can assign account users, groups, and service principals to their workspace. For more information on adding and removing identities in a workspace, see Manage users, service principals, and groups.
Single sign-on (SSO) enables you to authenticate your users using your organization’s identity provider. Databricks recommends configuring SSO in your workspace for greater security and improved user experience. Once SSO is configured, you can enable multi-factor authentication via your identity provider. For instructions, see Setting up workspace-level SSO.
Databricks Academy has a free course on Identity Administration.
Create and manage compute resources
Workspace admins can create SQL warehouses (a compute resource that lets you run SQL commands on data objects within Databricks SQL) and clusters for their workspace users. For instructions on creating SQL warehouses, see Configure SQL warehouses.
It is also the workspace admin’s job to regulate how compute resources are used in their workspace. Workspace admins have the following tools:
Limit workspace users’ cluster creation options with cluster policies.
Enforce consistent cluster configurations by configuring global init scripts.
Learn which compute resources have Unity Catalog access.
Grant S3 bucket access through clusters using instance profiles.
Databricks Academy has a free course on Compute Resources Administration.
Manage workspaces features and settings
Workspace admins are responsible for managing select workspace behavior and settings, including:
Enabling access control for workspace objects (Requires Premium plan or above. See Upgrade plan.
For information on other available workspace settings, see Managing workspace settings.
Databricks Academy has a free course on Databricks Workspace Administration and Security.
Databricks Academy has a free self-paced learning path for platform administrators. Before you can access the course, you first need to register for Databricks Academy if you haven’t already.
You can also sign up to attend a live platform administration training.