SQL endpoint access control
Preview
This feature is in Public Preview.
With SQL endpoint access control, individual permissions determine a user’s abilities. This article describes the individual permissions and how to configure SQL endpoint access control.
SQL endpoint permissions
There are three permission levels for a SQL endpoint: No Permissions, Can Use, and Can Manage. The table lists the abilities for each permission.
| Ability | No Permissions | Can Use | Can Manage |
|---|---|---|---|
| View own queries | x | x | x |
| View query details | x | ||
| View queries for all users | x | ||
| View endpoint details | x | x | |
| Start endpoint | x | x | |
| Stop endpoint | x | ||
| Delete endpoint | x | ||
| Edit endpoint | x | ||
| Modify permissions | x |
Manage SQL endpoint permissions using the UI
Click
SQL Endpoints in the sidebar.In an endpoint row, select
> Permissions.The SQL endpoint permissions display. The endpoint creator and Databricks admins have Can Manage permission.
Select a user or group and a permission.
Click Add.
Click Save.
Manage SQL endpoint permissions using the API
To manage SQL endpoint permissions using the API, invoke methods on the /2.0/permissions/sql/endpoints/<endpoint-id> REST endpoint. For example, to set Can Manage permission for the user user@example.com, run the command:
curl -u 'token:<token>' https://<databricks-instance>/api/2.0/permissions/sql/endpoints/<endpoint-id> -X PATCH -d '{ "access_control_list" : [ { "user_name": user@example.com", "permission_level": "CAN_MANAGE" } ] }'
where
<databricks-instance>is the workspace URL of your Databricks deployment.<personal-access-token>is a personal access token.<endpoint-id>is an endpoint ID.