Azure Databricks administration guide

To manage your Azure Databricks service, you need a few different kinds of administrator:

  • A user with the Azure Contributor or Owner role who can view and make changes to your Azure Databricks service, Azure subscription, and diagnostic logging configurations. The person who signed up for or created your Azure Databricks service typically has one of these roles.
  • Azure Databricks account admins, who manage account-level configurations like workspace creation, network and storage configuration, audit logging, billing, and identity management. If at least one workspace is enabled for Unity Catalog, account admins can also assign users, service principals, and groups to workspaces, manage Unity Catalog metastores, and configure data access for users.
  • Azure Databricks workspace admins, who manage access to a workspace and to objects in the workspace. Your account can have as many workspace admins as you like, and they can delegate some management tasks to non-admin users (for example, cluster management).
  • Azure Active Directory administrators with permission to enable Azure Active Directory conditional access.

To create Azure Databricks workspaces, you need to meet one of the following requirements:

  • You must be an Azure Contributor or Owner.
  • The Microsoft.ManagedIdentity resource provider must be registered in your subscription. See Register resource provider in the Azure documentation.