SQL warehouse access control

This article describes how to configure permissions on SQL warehouses.

Note

Access control is available only in the Premium plan or above.

SQL warehouse permissions

There are four permission levels for a SQL warehouse: NO PERMISSIONS, CAN USE, IS OWNER, and CAN MANAGE. The table lists the abilities for each permission. Workspace admins have the CAN MANAGE permission on all SQL warehouses in their workspace and the SQL warehouse creator has the IS OWNER permission by default.

Ability

NO PERMISSIONS

CAN USE

IS OWNER

CAN MANAGE

Start the warehouse

x

x

x

View details for the warehouse

x

x

x

View all queries for the warehouse

x

x

View warehouse monitoring tab

x

x

Stop the warehouse

x

x

Delete the warehouse

x

x

Edit the warehouse

x

x

Modify warehouse permissions

x

x

SQL warehouse owners

By default, the creator of a SQL warehouse has the IS OWNER permission. Only workspace admins can change the SQL warehouse owner and IS OWNER cannot be granted to a group. When ownership is transferred, the previous owner is granted the CAN MANAGE permission. If a warehouse doesn’t have a valid owner (for example, the previous owner left the company), the SQL warehouse is unusable until a workspace admin takes this action to transfer the ownership to a new owner.

Transfer ownership of a SQL warehouse

The user you transfer ownership of a SQL warehouse to must have the Allow cluster creation entitlement. See Configure cluster creation entitlement. You can also transfer ownership using the Permissions API.

  1. As a workspace admin, log in to your Databricks workspace.

  2. Click SQL Warehouses in the sidebar.

  3. In a warehouse row, click the Kebab menu kebab menu at the far right and select Permissions. The SQL warehouse permissions display.

  4. Click on the gear icon at the top right and click Assign new owner.

  5. Select the user to assign ownership to. Service principals and groups cannot be assigned ownership of a SQL warehouse.

  6. Click Confirm.

Manage SQL warehouse permissions

This section describes how to manage permissions using the Databricks workspace UI. You can also manage permissions using the Permissions API or the Databricks Terraform provide.

  1. Click SQL Warehouses in the sidebar.

  2. In a warehouse row, click the Kebab menu kebab menu at the far right and select Permissions.

    The SQL warehouse permissions display. The warehouse creator and Databricks workspace admins have CAN MANAGE permission.

    Add permission
  3. Select a user or group and a permission.

  4. Click Add.

  5. Click Save.