Manage private access settings
This article explains how to create private access settings objects, which are required to enable private connectivity using Private Service Connect.
To enable Private Service Connect on your workspace, see Enable Private Service Connect for your workspace.
You must contact your Databricks account team to request access to enable PSC on your workspace. Databricks support for private connectivity using PSC is generally available.
This feature requires the Premium plan.
What is a private access settings object?
A private access settings object is a Databricks object that describes a workspace’s Private Service Connect connectivity. Create a new private access settings object just for this workspace, or re-use and share an existing private access settings object among multiple workspaces in the same region.
A private access settings object:
- Expresses your intent to use Private Service Connect with your workspace.
- Controls your settings for the front-end use case of Private Service Connect for public network access.
- Controls which VPC endpoints are permitted to access your workspace.
Create a private access settings object using the account console or the Private Access Settings API. You reference the private access settings object when you create a workspace. You can update a workspace to point to a different private access settings object, but to use Private Service Connect you must attach a private access settings object to the workspace during workspace creation.
Create a private access settings object
- As an account admin, go to the account console.
- In the sidebar, click Cloud Resources.
- Click Private Access Settings.
- Click Add private access setting.
- Enter a name for your new private access settings object.
- Select a region. Be sure to match the region of your workspace.
- Set the Public access enabled field. This cannot be changed after the private access settings object is created.
  - If public access is enabled, users can configure the IP access lists to allow/block public access (from the public internet) to the workspaces that use this private access settings object.
  - If public access is disabled, no public traffic can access the workspaces that use this private access settings object. The IP access lists do not affect public access.
  In both cases, IP access lists cannot block private traffic from PSC because the access lists only control access from the public internet.
- Select a Private Access Level that restricts access to only authorized PSC connections. It can be one of the following values:
  - Account: Any VPC endpoints registered with your Databricks account can access this workspace. This is the default value.
  - Endpoint: Only the VPC endpoints that you specify explicitly can access the workspace. If you choose this value, you can choose from among your registered VPC endpoints.
- Click Add private access setting.
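The access rules from the steps above (Public access enabled, IP access lists, Private Access Level) combined into one decision function, as an added illustration that is not Databricks code. The field names, the endpoint names and the allow-list-only treatment of IP access lists are assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class PrivateAccessSettings:
    # Hypothetical field names mirroring the console fields described above.
    public_access_enabled: bool              # fixed once the object is created
    private_access_level: str = "ACCOUNT"    # "ACCOUNT" (default) or "ENDPOINT"
    allowed_endpoints: set = field(default_factory=set)  # used only for "ENDPOINT"

def evaluate(pas, registered, ip_allow_list, vpc_endpoint=None, source_ip=None):
    """Return (allowed, reason) for one connection attempt to a workspace.

    registered     -- VPC endpoints registered with the account
    ip_allow_list  -- CIDR strings; assumption: an empty list imposes no restriction
    vpc_endpoint   -- set for private (PSC) traffic, None for public traffic
    """
    if vpc_endpoint is not None:
        # Private path: IP access lists are never consulted here.
        if vpc_endpoint not in registered:
            return False, "endpoint not registered with the account"
        if pas.private_access_level == "ENDPOINT" and vpc_endpoint not in pas.allowed_endpoints:
            return False, "endpoint not explicitly permitted"
        return True, "authorized PSC connection"
    # Public path.
    if not pas.public_access_enabled:
        return False, "public access disabled"  # IP access lists have no effect
    if ip_allow_list and not any(ip_address(source_ip) in ip_network(c) for c in ip_allow_list):
        return False, "blocked by IP access list"
    return True, "public access permitted"

# Constructed sample data (endpoint names and documentation-range IPs are made up).
REGISTERED = {"psc-ep-a", "psc-ep-b"}
LOCKED = PrivateAccessSettings(False, "ENDPOINT", {"psc-ep-a"})
OPEN = PrivateAccessSettings(True)  # public access on, default Account level

if __name__ == "__main__":
    cases = [
        (LOCKED, [], dict(vpc_endpoint="psc-ep-a")),
        (LOCKED, [], dict(vpc_endpoint="psc-ep-b")),
        (LOCKED, [], dict(source_ip="203.0.113.5")),
        (OPEN, ["198.51.100.0/24"], dict(source_ip="203.0.113.5")),
        (OPEN, ["198.51.100.0/24"], dict(vpc_endpoint="psc-ep-b")),
    ]
    for pas, acl, conn in cases:
        print(conn, "->", evaluate(pas, REGISTERED, acl, **conn))
```

The last case shows the point made in the steps: a registered endpoint reaches the workspace over PSC even when an IP access list is in place, so restricting private traffic is the job of the Endpoint access level.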
Update a private access settings object
To update fields on a private access settings object:
- In the account console, click Cloud resources.
- Click Network.
- In the sidebar, click Private access settings.
- On the row for the configuration, click the kebab menu on the right, and select Update.
- Change any fields. For guidance on specific fields, see Create a private access settings object.
- Click Update private access setting.
Delete a private access settings object
A private access settings object cannot be edited after creation. If the configuration has incorrect data or if you no longer need it for any workspaces, delete it:
- In the account console, click Cloud resources.
- Click Network.
- Click Private access settings.
- On the row for the configuration, click the kebab menu on the right, and select Delete.
- In the confirmation dialog, click Ok.