Enable access control

In Databricks, you can use access control lists (ACLs) to configure permission to access clusters, pools, jobs, and workspace objects like notebooks, experiments, and folders. All users can create and modify objects unless access control is enabled on that object. This document describes the tasks that workspace admins perform to enable and disable access control.

Note

Access control is only in the Premium plan or above.

Note

This guide does not cover information about securing your data. For that information, see Data governance guide.

Enable access control for workspace objects

Go to the admin settings page.
Click the Workspace Settings tab.
Click the Workspace Access Control toggle.
Click Confirm.

Enable access control for clusters, jobs, and pools

Go to the admin settings page.
Click the Workspace Settings tab.
Click the Cluster, Pool and Jobs Access Control toggle.
Click Confirm.

Prevent users from seeing objects they do not have access to

Note

Workspace, job, and cluster visibility control is enabled by default for workspaces created after the release of Databricks platform version 3.34 (released in December 2020). If your workspace was created earlier, a workspace admin must enable the feature.

Access control by itself does not prevent users from seeing the filenames of workspace objects, jobs, or clusters displayed in the Databricks UI even when the users have no permissions on those workspace objects. To prevent notebook filenames and folders, jobs, and clusters from being visible to a user when they have no permissions on them:

Go to the admin settings page.
Click the Workspace Settings tab.
Click the Workspace Visibility Control toggle to prevent users from seeing objects in the workspace file browser that they do not have access to.
Click the Cluster Visibility Control toggle to prevent users from seeing clusters that they do not have access to.
Click the Job Visibility Control toggle to prevent users from seeing jobs that they do not have access to.