Map Data Science & Engineering security models to Databricks SQL

This article describes how Databricks administrators configure Databricks SQL in a workspace that has already configured access to data objects in a Data Science & Engineering workspace. Follow the steps in the section that corresponds to your cluster security model in Data Science & Engineering.

Configure access using clusters with instance profiles

Follow this section if you are using clusters with instance profiles in your Data Science & Engineering workspace and want to access data from Databricks SQL.

For any data you want to query in Databricks SQL, you configure access to the underlying cloud storage using an instance profile.

Requirements

Step 1: Create or reuse an instance profile

See Step 1: Create or reuse an instance profile for each S3 bucket.

Step 2: Grant access to S3 buckets

See Step 2: Grant instance profile access to S3 buckets.

Step 3: Configure SQL endpoints to use the instance profile for data access

Note

You can configure only one instance profile in the data access configuration.

See Step 3: Configure Databricks SQL to use the instance profile for data access.

Step 4: Define data access privileges

See Step 4: Define data access privileges using table access control.

Step 5: Set object owners

See Step 5: (Optional) Set owner.