Map Data Science & Engineering security models to Databricks SQL

This article describes how Databricks administrators configure Databricks SQL in a workspace that has already configured access to data objects in a Data Science & Engineering workspace. Follow the steps in the section that corresponds to your cluster security model in Data Science & Engineering.

Configure access using clusters with instance profiles

Follow this section if you are using clusters with instance profiles in your Data Science & Engineering workspace and want to access data from Databricks SQL.

For any data you want to query in Databricks SQL, you configure access to the underlying cloud storage using an instance profile.

Requirements

• Databricks account on the Premium plan.

• Databricks workspace on the E2 version of the Databricks platform. For information about creating E2 workspaces, see Create and manage workspaces using the account console. All new Databricks accounts and most existing accounts are now E2. If you are not sure which account type you have, contact your Databricks representative.

• A Databricks SQL endpoint.

• Groups representing users who will get access to data.

Step 1: Create or reuse an instance profile

See Step 1: Create or reuse an instance profile for each S3 bucket.

Step 2: Grant access to S3 buckets

See Step 2: Grant instance profile access to S3 buckets.

Step 3: Configure SQL endpoints to use the instance profile for data access

Note

You can configure only one instance profile in the data access configuration.

See Step 3: Configure Databricks SQL to use the instance profile for data access.

Step 4: Define data access privileges

See Step 4: Define data access privileges using table access control.

Step 5: Set object owners

See Step 5: (Optional) Set owner.