SQL warehouse access control
With SQL warehouse access control, individual permissions determine a user’s abilities. This article describes the individual permissions and how to configure SQL warehouse access control.
SQL warehouse permissions
There are four permission levels for a SQL warehouse: No Permissions, Can Use, Is Owner, and Can Manage. The table lists the abilities for each permission.
Ability |
No Permissions |
Can Use |
Is Owner |
Can Manage |
---|---|---|---|---|
View all queries for the warehouse |
x |
x |
||
View details for the warehouse |
x |
x |
x |
|
View warehouse monitoring tab |
x |
x |
||
Start the warehouse |
x |
x |
x |
|
Stop the warehouse |
x |
x |
||
Delete the warehouse |
x |
x |
||
Edit the warehouse |
x |
x |
||
Modify warehouse permissions |
x |
x |
Manage SQL warehouse permissions using the UI
Click
SQL Warehouses in the sidebar.
In a warehouse row, select
> Permissions.
The SQL warehouse permissions display. The warehouse creator and Databricks admins have Can Manage permission.
Select a user or group and a permission.
Click Add.
Click Save.
Manage SQL warehouse permissions using the API
To manage SQL warehouse permissions using the API, invoke methods on the /2.0/permissions/sql/warehouses/<warehouse-id>
REST warehouse. For example, to set Can Manage permission for the user user@example.com
, run the command:
curl -u 'token:<token>' https://<databricks-instance>/api/2.0/permissions/sql/warehouses/<warehouse-id> -X PATCH -d '{ "access_control_list" : [ { "user_name": user@example.com", "permission_level": "CAN_MANAGE" } ] }'
where
<databricks-instance>
is the workspace URL of your Databricks deployment.<personal-access-token>
is a personal access token.<warehouse-id>
is a warehouse ID.