Pool access control
Preview
This feature is in Public Preview.
Note
Access control is available only in the Premium plan or above.
With pool access control, permissions determine a user’s abilities. This article describes the individual permissions and how to configure pool access control.
Before you can use pool access control, a Databricks workspace admin must enable it for the workspace. See Enable access control.
Pool permissions
There are three permission levels for a pool: No Permissions, Can Attach To, and Can Manage. The table lists the abilities for each permission.
Ability |
No Permissions |
Can Attach To |
Can Manage |
---|---|---|---|
Attach cluster to pool |
x |
x |
|
Delete pool |
x |
||
Edit pool |
x |
||
Modify pool permissions |
x |
Configure pool permissions
To give a user or group permission to manage pools or attach a cluster to a pool using the UI, at the bottom of the pool configuration page, select the Permissions tab. You can:
Select users and groups from the Select User or Group drop-down and assign permission levels for them.
Update pool permissions for users and groups that have already been added, using the drop-down menu beside a user or group name.

Note
You can also give a user or group permission to manage pools or attach a cluster to a pool using the Permissions API.
The only way to grant a user or group permission to create a pool is through the Workspace-level SCIM APIs. Follow the Workspace Groups API documentation and grant the group the allow-instance-pool-create
entitlement.
Terraform integration
You can manage permissions in a fully automated setup using Databricks Terraform provider and databricks_permissions:
resource "databricks_group" "auto" {
display_name = "Automation"
}
resource "databricks_group" "eng" {
display_name = "Engineering"
}
data "databricks_node_type" "smallest" {
local_disk = true
}
resource "databricks_instance_pool" "this" {
instance_pool_name = "Reserved Instances"
idle_instance_autotermination_minutes = 60
node_type_id = data.databricks_node_type.smallest.id
min_idle_instances = 0
max_capacity = 10
}
resource "databricks_permissions" "pool_usage" {
instance_pool_id = databricks_instance_pool.this.id
access_control {
group_name = databricks_group.auto.display_name
permission_level = "CAN_ATTACH_TO"
}
access_control {
group_name = databricks_group.eng.display_name
permission_level = "CAN_MANAGE"
}
}