Workspace Admin gets 'Access Denied' when creating a cluster

Question

Workspace Admin gets 'Access Denied' when creating a cluster

TrubrixAi Azure Admin 20

Hello Azure Support Team, I am experiencing a critical "Access Denied" issue that is preventing me from creating any new compute clusters in my workspace. I am trying to create a new cluster from the Compute page, but I receive the error: "Access Denied. You do not have permission to access this page." What I Have Verified: 1. My user account (******@trubrixai.com) is a confirmed Workspace Admin. 2. In the Admin Settings, my user has the "Unrestricted cluster creation" entitlement enabled. 3. As a troubleshooting step, I have also explicitly granted my user "Can use" permission on the "Personal Compute" cluster policy. Despite having all the necessary permissions according to the user interface, I am still blocked. This seems to be a platform-level issue with the effective permissions on my user profile. Please investigate why my Workspace Admin account is being denied permission to create a cluster. Thank you.

Krupal Bandari 770 Reputation points Microsoft External Staff Moderator

2025-06-26T01:13:22.5933333+00:00
Hi @TrubrixAi Azure Admin
Even though your account is listed as a Workspace Admin and has the "Unrestricted cluster creation" entitlement enabled, this "Access Denied" error usually stems from one of the following internal Databricks permission layers not from Azure RBAC roles like Contributor or Owner.

Based on our experience, here are the key areas to review:

Review Cluster Policy Configuration Go to Admin Console > Compute Policies, select the policy you're using (e.g., "Personal Compute"), and review its settings. Even if you have "Can Use" permission, the policy itself might include restrictions like "allow_cluster_create": false or filters that exclude your user. Docs: Cluster Policies in Azure Databricks

Check Workspace Access Control Settings If Access Control is enabled at the workspace level, you may also need Can Manage or Can Create permissions to create compute resources, even as a Workspace Admin. Docs: Workspace Access Control

Revalidate Your User Entitlements In Admin Console > Users, double-check your user entry for any sync issues. If there's a mismatch or recent change, try removing and re-adding the user this forces a fresh sync of roles and entitlements from Azure Active Directory. Docs: Manage Users and Groups

Try Using Incognito or Re-Login Occasionally, cached permissions in the browser session can cause misleading errors. Try logging in via an Incognito window or clearing your session cache.

Completing the steps above typically resolves the "Access Denied" issue for Workspace Admins. However, if the issue continues after verifying all the recommended settings, it may indicate a backend entitlement or permission sync issue that requires further investigation by Microsoft or Databricks engineering.

I hope this information helps.

Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.
Krupal Bandari 770 Reputation points Microsoft External Staff Moderator

2025-06-27T06:40:30.96+00:00

@TrubrixAi Azure Admin
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Krupal Bandari 770 Reputation points Microsoft External Staff Moderator

2025-06-27T06:40:30.96+00:00

@TrubrixAi Azure Admin
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

Hi ,

Thanks for reaching out to Microsoft Q&A.

Please try the following common fixes for your issue.

Confirm Workspace Admin Role at the Platform Level

Go to Admin Console > Workspace Settings.
Ensure that ******@trubrixai.com is:
- Workspace Admin in Databricks (not just RBAC). Also listed under Admin Users in the Access Control section.

Check Cluster Policy Scopes

Go to Compute > Cluster Policies.

Open the "Personal Compute" policy.

Verify the policy definition does not contain scope-limiting conditions like:


"allowed_users": ["specific-user@example.com"]

If it does, remove or update to include your user.

Add Full Cluster Permissions

Go to Compute > Permissions (on any cluster).

Add your user (azure-admin@...) with:

Can Manage or Can Attach To / Restart / Use as needed.

  Apply same permission on the Cluster Policy as well.

Reassign Entitlements

Go to Admin Console > Users.

For your user:

Toggle off "Unrestricted Cluster Creation".

Save.

Toggle it back on and save again.

This forces a resync of the entitlement.

Confirm Azure RBAC at Subscription / Resource Level

In Azure Portal:
- Navigate to the RG and databricks workspace.
Ensure your user has at least Contributor role.
- Higher roles like owner or user access administrator may be needed if policies are enforced at the management group level.

Clear Cached Access Tokens

Log out of the databricks workspace.

Clear browser cache or use an incognito window.

Log back in and retry cluster creation.

Test with a New Cluster Policy

Create a new cluster policy without restrictions.

Assign it to your user or group with can use permission.
Attempt to create a cluster using this new policy.

Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.

Share via

Workspace Admin gets 'Access Denied' when creating a cluster

1 answer

Your answer