Pool access control

Preview

This feature is in Public Preview.

Note

Access control is available only in the Premium plan or above.

With pool access control, permissions determine a user’s abilities. This article describes the individual permissions and how to configure pool access control.

Before you can use pool access control, a Databricks workspace admin must enable it for the workspace. See Enable access control.

Pool permissions

There are three permission levels for a pool: No Permissions, Can Attach To, and Can Manage. The table lists the abilities for each permission.

| Ability | No Permissions | Can Attach To | Can Manage |
|---|---|---|---|
| Attach cluster to pool | | x | x |
| Delete pool | | | x |
| Edit pool | | | x |
| Modify pool permissions | | | x |

Configure pool permissions

To give a user or group permission to manage pools or attach a cluster to a pool using the UI, at the bottom of the pool configuration page, select the Permissions tab. You can:

  • Select users and groups from the Select User or Group drop-down and assign permission levels for them.

  • Update pool permissions for users and groups that have already been added, using the drop-down menu beside a user or group name.


Note

You can also give a user or group permission to manage pools or attach a cluster to a pool using the Permissions API.

The only way to grant a user or group permission to create a pool is through the Workspace-level SCIM APIs. Follow the Workspace Groups API documentation and grant the group the allow-instance-pool-create entitlement.
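An added example, not part of the original documentation: a Python check over a pool ACL as returned by the Permissions API, mapping each principal to the abilities in the permission table and listing direct Can Manage grants outside an approved set. The JSON field names are the assumed response shape, and the sample ACL, `principal_of`, `effective_abilities` and `unapproved_managers` are constructed for illustration.

```python
import json

# Abilities per permission level, transcribed from the table on this page.
ABILITIES = {
    "CAN_ATTACH_TO": {"attach_cluster"},
    "CAN_MANAGE": {"attach_cluster", "delete_pool", "edit_pool", "modify_permissions"},
}

# Constructed sample: assumed shape of a Permissions API reply for one pool.
SAMPLE_ACL = json.loads("""
{
  "object_id": "/instance-pools/EXAMPLE-POOL-ID",
  "object_type": "instance-pool",
  "access_control_list": [
    {"group_name": "Automation",
     "all_permissions": [{"permission_level": "CAN_ATTACH_TO", "inherited": false}]},
    {"group_name": "Engineering",
     "all_permissions": [{"permission_level": "CAN_MANAGE", "inherited": false}]},
    {"user_name": "contractor@example.com",
     "all_permissions": [{"permission_level": "CAN_MANAGE", "inherited": false}]},
    {"group_name": "admins",
     "all_permissions": [{"permission_level": "CAN_MANAGE", "inherited": true}]}
  ]
}
""")

def principal_of(entry):
    """Name of the user, group or service principal an ACL entry refers to."""
    return (entry.get("group_name") or entry.get("user_name")
            or entry.get("service_principal_name"))

def effective_abilities(entry):
    """Union of the abilities granted by every level the principal holds."""
    abilities = set()
    for perm in entry.get("all_permissions", []):
        abilities |= ABILITIES.get(perm["permission_level"], set())
    return abilities

def unapproved_managers(acl, approved):
    """Principals with a direct (non-inherited) CAN_MANAGE grant not in `approved`."""
    flagged = []
    for entry in acl.get("access_control_list", []):
        direct = {p["permission_level"] for p in entry.get("all_permissions", [])
                  if not p.get("inherited", False)}
        if "CAN_MANAGE" in direct and principal_of(entry) not in approved:
            flagged.append(principal_of(entry))
    return flagged

if __name__ == "__main__":
    print(unapproved_managers(SAMPLE_ACL, approved={"Engineering"}))
```

Inherited grants are skipped because they are not set on the pool itself; only direct grants can be changed from the pool's Permissions tab or its ACL.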

Terraform integration

You can manage permissions in a fully automated setup using the Databricks Terraform provider and the databricks_permissions resource:

resource "databricks_group" "auto" {
  display_name = "Automation"
}

resource "databricks_group" "eng" {
  display_name = "Engineering"
}

data "databricks_node_type" "smallest" {
  local_disk = true
}

resource "databricks_instance_pool" "this" {
  instance_pool_name                    = "Reserved Instances"
  idle_instance_autotermination_minutes = 60
  node_type_id                          = data.databricks_node_type.smallest.id
  min_idle_instances                    = 0
  max_capacity                          = 10
}

resource "databricks_permissions" "pool_usage" {
  instance_pool_id = databricks_instance_pool.this.id

  access_control {
    group_name       = databricks_group.auto.display_name
    permission_level = "CAN_ATTACH_TO"
  }

  access_control {
    group_name       = databricks_group.eng.display_name
    permission_level = "CAN_MANAGE"
  }
}