Databricks administration introduction

This article provides an introduction to Databricks administrator privileges and responsibilities.

Note

To fully administer your Databricks instance, you will also need administrative access to your AWS account.

Databricks admin types

There are two levels of admins available in Databricks:

Account admins: Manage the Databricks account, including workspace creation, user management, cloud resources, and account usage monitoring.

Workspace admins: Manage workspace identities, access control, settings, and features for individual workspaces in the account.

What are account admins?

Account admins have privileges over the entire Databricks account. As an account admin, you can create workspaces, configure cloud resources, view usage data, and manage account identities, settings, and subscriptions.

Account admins can also delegate the account admin and workspace admin roles to any other user.

Access the account console

The account console is where account admins manage their Databricks account.

Account admins can access the account console at https://accounts.cloud.databricks.com.

Account admins can also access the account console from within a workspace:

Click your email address at the top of the Databricks workspace UI.
Select Manage Account.

Account admin responsibilities

As an account admin, your responsibilities include:

Creating and managing workspaces
Enabling Unity Catalog
Managing identities
Monitoring account usage logs
Managing the account subscription

Create and manage workspaces

Only account admins can create new workspaces. There are a few different methods you can use to create workspaces. See Create and manage workspaces for instructions on each method. You can also use the Workspaces section of the account console to view and manage all the workspaces in your account.

Enable Unity Catalog

An account admin is needed to enable Unity Catalog in your account. The process involves creating a Unity Catalog metastore, which can only be done by an account admin.

For instructions on enabling Unity Catalog, see Get started using Unity Catalog.

Manage identities

Account admins should sync their identity provider with Databricks if applicable. See Sync users and groups from your identity provider.

If you’ve enabled Unity Catalog for at least one workspace in your account, identities (users, groups, and service principals) should be managed in the account console. Account admins can grant permissions and assign workspaces to these identities.

For more information, see Manage users and groups.

Monitor account usage logs

Only account admins can configure audit logs for their account. For information on audit logs, see Audit log reference.

Account admins can also view and download billable usage logs from the account console. For more information, see View and download billable usage logs.

Manage account subscription

Account admins can manage aspects of their Databricks subscription from the account console. For more information, see Manage subscription and billing.

What are workspace admins?

Workspace admins have admin privileges within a single workspace. They can manage workspace-level identities, regulate compute use, and enable and delegate role-based access control (Premium plan and above only).

Access the admin settings

Workspace admins are the only users who have access to the workspace’s admin settings page. As a workspace admin, you can access admin settings by clicking your username in the top bar of the Databricks workspace and selecting Admin Settings.

Workspace admin responsibilities

As a workspace admin, your responsibilities include:

Managing identities in your workspace
Creating and managing compute resources
Managing workspace features and settings

Manage identities in your workspace

If your workspace is enabled for Unity Catalog, identities should be added to the account. Workspace admins can assign account users, groups, and service principals to their workspace. For more information on adding and removing identities in a workspace, see Manage users, service principals, and groups.

Single sign-on (SSO) enables you to authenticate your users using your organization’s identity provider. Databricks recommends configuring SSO in your workspace for greater security and improved user experience. Once SSO is configured, you can enable multi-factor authentication via your identity provider. For instructions, see Setting up workspace-level SSO.

Note

Databricks Academy has a free course on Identity Administration.

Create and manage compute resources

Workspace admins can create SQL warehouses (a compute resource that lets you run SQL commands on data objects within Databricks SQL) and clusters for their workspace users. For instructions on creating SQL warehouses, see Configure SQL warehouses.

It is also the workspace admin’s job to regulate how compute resources are used in their workspace. Workspace admins have the following tools:

Limit workspace users’ cluster creation options with cluster policies.
Enforce consistent cluster configurations by configuring global init scripts.
Learn which compute resources have Unity Catalog access.

Grant S3 bucket access through clusters using instance profiles.

Note

Databricks Academy has a free course on Compute Resources Administration.

Manage workspaces features and settings

Workspace admins are responsible for managing select workspace behavior and settings, including:

Enabling access control for workspace objects (Requires Premium plan or above. See Upgrade plan.
Managing Databricks SQL settings.

For information on other available workspace settings, see Managing workspace settings.

Note

Databricks Academy has a free course on Databricks Workspace Administration and Security.

Additional resources

Databricks Academy has a free self-paced learning path for platform administrators. Before you can access the course, you first need to register for Databricks Academy if you haven’t already.

You can also sign up to attend a live platform administration training.