Discover and govern access to model services
This feature is in Beta. Account admins can control access to this feature from the account console Previews page. See Manage Databricks previews.
This page describes how to discover model services that are available to you and how to govern access to them with Unity Catalog privileges.
Requirements
- Unity AI Gateway preview enabled for your account. See Manage Databricks previews.
- To manage a model service, you must have the MANAGE privilege on it, or MANAGE on its catalog or schema. To manage system-provided model services in system.ai, you must be a metastore administrator or have MANAGE on system.ai.
Discover model services
To find the model services available to you in Catalog Explorer, the Unity AI Gateway UI, or the Unity Catalog REST API, see Discover foundation models.
Govern access with Unity Catalog privileges
Grant or revoke access to a model service with the same GRANT, REVOKE, and DENY statements you use for other Unity Catalog securables. To query a model service, a user needs EXECUTE on it and USE CATALOG and USE SCHEMA on its catalog and schema.
-- Grant access to a team
GRANT USE CATALOG ON CATALOG main TO ai_team;
GRANT USE SCHEMA ON SCHEMA main.default TO ai_team;
GRANT EXECUTE ON MODEL SERVICE main.default.team_chat TO ai_team;
-- Revoke access
REVOKE EXECUTE ON MODEL SERVICE main.default.team_chat FROM ai_team;
Databricks uses definer's rights to invoke a model service: when a user queries a model service, Databricks checks that the owner has EXECUTE on the referenced models. The caller does not need direct access to the underlying models.
Restrict a system-provided model service
By default, all account users can query the system-provided model services in system.ai. To prevent all users from querying a specific model service, such as a higher-cost model, deny EXECUTE on it:
-- The model name contains hyphens, so it must be backtick-quoted as an identifier
DENY EXECUTE ON MODEL SERVICE system.ai.`databricks-claude-opus-4-6` TO `account users`;
Restrict all system-provided model services to a team
To restrict all current and future model services in system.ai to an AI platform team, revoke access from all account users and grant it to the team:
-- Remove access for all users
REVOKE USE SCHEMA ON SCHEMA system.ai FROM `account users`;
REVOKE EXECUTE ON SCHEMA system.ai FROM `account users`;
-- Grant access to the AI platform team only
GRANT USE SCHEMA ON SCHEMA system.ai TO ai_platform_team;
GRANT EXECUTE ON SCHEMA system.ai TO ai_platform_team;
Offer different model services to different teams
To give a wider user base and a smaller group of power users different models and quotas, create a separate model service for each group, then grant EXECUTE accordingly. Create the model services in the Unity AI Gateway UI or with the REST API. See create model services.
After you create the model services, grant EXECUTE to each group:
-- All users can query the standard model service
GRANT EXECUTE ON MODEL SERVICE ai_platform.default.standard TO `account users`;
-- Only power users can query the power-user model service
GRANT EXECUTE ON MODEL SERVICE ai_platform.default.power_user TO ai_power_users;
You can configure different rate limits on each model service to manage capacity and cost. See Configure rate limits for AI services using Unity AI Gateway.
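The following is an added example, not from the Databricks documentation, that puts the two patterns above together: system.ai is restricted to the AI platform team, and everyone else reaches models only through the team-owned model services. It also includes the USE CATALOG and USE SCHEMA grants on the ai_platform catalog that a caller needs alongside EXECUTE. The catalog ai_platform, schema ai_platform.default, the two model services and the group names are assumed; the model services are assumed to have been created beforehand by a member of ai_platform_team, so that definer's rights resolve the underlying system.ai models against the team's own access.

```sql
-- Added example (assumed names: ai_platform catalog, ai_platform.default schema,
-- model services standard and power_user, groups ai_platform_team and ai_power_users).

-- 1. Only the AI platform team may call the system-provided models directly.
REVOKE USE SCHEMA ON SCHEMA system.ai FROM `account users`;
REVOKE EXECUTE ON SCHEMA system.ai FROM `account users`;
GRANT USE SCHEMA ON SCHEMA system.ai TO ai_platform_team;
GRANT EXECUTE ON SCHEMA system.ai TO ai_platform_team;

-- 2. Callers need USE CATALOG and USE SCHEMA on the path to a model service,
--    not just EXECUTE on the service itself. Grant the path to everyone once.
GRANT USE CATALOG ON CATALOG ai_platform TO `account users`;
GRANT USE SCHEMA ON SCHEMA ai_platform.default TO `account users`;

-- 3. Everyone gets the standard tier; only power users get the power-user tier.
--    The underlying system.ai models stay unreachable except through these
--    services, because the services were created (and are owned) by ai_platform_team.
GRANT EXECUTE ON MODEL SERVICE ai_platform.default.standard TO `account users`;
GRANT EXECUTE ON MODEL SERVICE ai_platform.default.power_user TO ai_power_users;

-- 4. If a power user leaves the group, a single REVOKE closes the premium tier
--    without touching the standard tier or the team's system.ai access.
REVOKE EXECUTE ON MODEL SERVICE ai_platform.default.power_user FROM ai_power_users;
```

Run steps 1 to 3 as a metastore administrator or a principal with MANAGE on the affected schemas; step 4 is shown only to illustrate how the tiers are revoked independently.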
Govern the content of model service interactions
Unity Catalog privileges control whether a principal can query a model service. To govern how each interaction proceeds — for example, to redact sensitive data from a response or block unsafe content — attach a service policy to the model service. See Service policies for AI securables.