SQL endpoint access control

Preview

This feature is in Public Preview.

With SQL endpoint access control, individual permissions determine a user’s abilities. This article describes the individual permissions and how to configure SQL endpoint access control.

SQL endpoint permissions

There are three permission levels for a SQL endpoint: No Permissions, Can Use, and Can Manage. The table lists the abilities for each permission.

Ability No Permissions Can Use Can Manage
View own queries x x x
View query details     x
View queries for all users     x
View endpoint details   x x
Start endpoint   x x
Stop endpoint     x
Delete endpoint     x
Edit endpoint     x
Modify permissions     x

Manage SQL endpoint permissions using the UI

  1. Click Endpoints Icon SQL Endpoints in the sidebar.

  2. In an endpoint row, select Vertical Ellipsis > Permissions.

    The SQL endpoint permissions display. The endpoint creator and Databricks admins have Can Manage permission.

    Add permission
  3. Select a user or group and a permission.

  4. Click Add.

  5. Click Save.

Manage SQL endpoint permissions using the API

To manage SQL endpoint permissions using the API, invoke methods on the /2.0/permissions/sql/endpoints/<endpoint-id> REST endpoint. For example, to set Can Manage permission for the user user@example.com, run the command:

curl -u 'token:<token>' https://<databricks-instance>/api/2.0/permissions/sql/endpoints/<endpoint-id> -X PATCH -d '{ "access_control_list" : [ { "user_name": user@example.com", "permission_level": "CAN_MANAGE" } ] }'

where