Map Data Science & Engineering security models to Databricks SQL
This article describes how Databricks administrators configure Databricks SQL in a workspace that has already configured access to data objects in a Data Science & Engineering workspace. Follow the steps in the section that corresponds to your cluster security model in Data Science & Engineering.
Configure access using clusters with instance profiles
Follow this section if you are using clusters with instance profiles in your Data Science & Engineering workspace and want to access data from Databricks SQL.
For any data you want to query in Databricks SQL, you configure access to the underlying cloud storage using an instance profile.
Requirements
Databricks account on the Premium plan.
Databricks workspace on the E2 version of the Databricks platform. For information about creating E2 workspaces, see Create and manage workspaces using the account console. All new Databricks accounts and most existing accounts are now E2. If you are not sure which account type you have, contact your Databricks representative.
A Databricks SQL endpoint.
Groups representing users who will get access to data.
Step 1: Create or reuse an instance profile
See Step 1: Create or reuse an instance profile for each S3 bucket.
Step 3: Configure SQL endpoints to use the instance profile for data access
Note
You can configure only one instance profile in the data access configuration.
See Step 3: Configure Databricks SQL to use the instance profile for data access.
Step 4: Define data access privileges
See Step 4: Define data access privileges using table access control.