Discover and govern access to model services

Important

This feature is in Beta. Account admins can control access to this feature from the account console Previews page. See Manage Azure Databricks previews.

This page describes how to discover model services that are available to you and how to govern access to them with Unity Catalog privileges.

Requirements

  • Unity AI Gateway preview enabled for your account. See Manage Azure Databricks previews.
  • To manage a model service, you must have the MANAGE privilege on it, or MANAGE on its catalog or schema. To manage system-provided model services in system.ai, you must be a metastore administrator or have MANAGE on system.ai.

Discover model services

To find the model services available to you in Catalog Explorer, the Unity AI Gateway UI, or the Unity Catalog REST API, see Model services in Unity Catalog.

Govern access with Unity Catalog privileges

Govern access to a model service with the same Unity Catalog privileges you use for other securables. To query a model service, a user needs EXECUTE on it and USE CATALOG and USE SCHEMA on its catalog and schema.

To manage access in Catalog Explorer, open the model service and use its Permissions tab:

  • To grant a team access, click Grant, select the team, and grant EXECUTE. Make sure the team also has USE CATALOG and USE SCHEMA on the model service's catalog and schema.
  • To revoke access, select the team's EXECUTE grant and click Revoke.

Azure Databricks uses definer's rights to invoke a model service: when a user queries a model service, Azure Databricks checks that the owner has EXECUTE on the referenced models. The caller does not need direct access to the underlying models.

Restrict a system-provided model service

By default, all account users can query the system-provided model services in system.ai. To prevent all users from querying a specific model service, such as a higher-cost model, open that model service in Catalog Explorer and, on its Permissions tab, add a DENY on EXECUTE for the account users group.

Restrict all system-provided model services to a team

To restrict all current and future model services in system.ai to an AI platform team, manage privileges on the system.ai schema itself in Catalog Explorer. On the schema's Permissions tab:

  • Remove the account users group's USE SCHEMA and EXECUTE privileges on system.ai.
  • Grant USE SCHEMA and EXECUTE on system.ai to the AI platform team only.

Granting a privilege on the schema applies it to all current and future model services in that schema.

Offer different model services to different teams

To give a wider user base and a smaller group of power users different models and quotas, create a separate model service for each group, then grant EXECUTE accordingly. Create the model services in the Unity AI Gateway UI or Catalog Explorer. See create model services.

After you create the model services, grant EXECUTE to each group from each model service's Permissions tab in Catalog Explorer:

  • Grant EXECUTE on the standard model service to the account users group.
  • Grant EXECUTE on the power-user model service to the power users group only.

You can configure different rate limits on each model service to manage capacity and cost. See Configure rate limits for AI services using Unity AI Gateway.

Govern the content of model service interactions

Unity Catalog privileges control whether a principal can query a model service. To govern how each interaction proceeds (for example, to block a response that contains unsafe content or PII), attach a service policy to the model service. Service policies are how you implement guardrails on a model service: built-in guardrails cover common risks such as PII, prompt injection, and unsafe content, and custom policies enforce rules specific to your organization.

To learn about service policies and attach one, see:

Next steps