Access control settings are disabled by default on workspaces that are upgraded from the Standard plan to the Premium plan. Once an access control setting is enabled, it can not be disabled. For more information, see Access controls lists can be enabled on upgraded workspaces.
Access control lists overview
In Azure Databricks, you can use access control lists (ACLs) to configure permission to access workspace level objects. Workspace admins have the CAN MANAGE permission on all objects in their workspace, which gives them the ability to manage permissions on all objects in their workspaces. Users automatically have the CAN MANAGE permission for objects that they create.
You can manage workspace object permissions by adding objects to folders. Objects in a folder inherit all permissions settings of that folder. For example, a user that has the CAN RUN permission on a folder has CAN RUN permission on the alerts in that folder. To learn about organizing objects into folders, see Workspace browser.
Alerts ACLs
Ability
NO PERMISSIONS
CAN RUN
CAN MANAGE
See in alert list
x
x
View alert and result
x
x
Manually trigger alert run
x
x
Subscribe to notifications
x
x
Edit alert
x
Modify permissions
x
Delete alert
x
Compute ACLs
Ability
NO PERMISSIONS
CAN ATTACH TO
CAN RESTART
CAN MANAGE
Attach notebook to cluster
x
x
x
View Spark UI
x
x
x
View cluster metrics
x
x
x
View driver logs
x
x
x
Terminate cluster
x
x
Start and restart cluster
x
x
Edit cluster
x
Attach library to cluster
x
Resize cluster
x
Modify permissions
x
Legacy dashboard ACLs
Ability
NO PERMISSIONS
CAN VIEW
CAN RUN
CAN EDIT
CAN MANAGE
See in dashboard list
x
x
x
x
View dashboard and results
x
x
x
x
Refresh query results in the dashboard (or choose different parameters)
View model details, versions, stage transition requests, activities, and artifact download URIs
x
x
x
x
x
Request a model version stage transition
x
x
x
x
x
Add a version to a model
x
x
x
x
Update model and version description
x
x
x
x
Add or edit tags
x
x
x
x
Transition model version between stages
x
x
x
Approve a transition request
x
x
x
Cancel a transition request
x
Rename model
x
Modify permissions
x
Delete model and model versions
x
Notebook ACLs
Ability
NO PERMISSIONS
CAN READ
CAN RUN
CAN EDIT
CAN MANAGE
View cells
x
x
x
x
Comment
x
x
x
x
Run via %run or notebook workflows
x
x
x
x
Attach and detach notebooks
x
x
x
Run commands
x
x
x
Edit cells
x
x
Modify permissions
x
Pool ACLs
Ability
NO PERMISSIONS
CAN ATTACH TO
CAN MANAGE
Attach cluster to pool
x
x
Delete pool
x
Edit pool
x
Modify permissions
x
Query ACLs
Ability
NO PERMISSIONS
CAN VIEW
CAN RUN
CAN EDIT
CAN MANAGE
View own queries
x
x
x
x
See in query list
x
x
x
x
View query text
x
x
x
x
View query result
x
x
x
x
Refresh query result (or choose different parameters)
x
x
x
Include the query in a dashboard
x
x
x
Edit query text
x
x
Change SQL warehouse or data source
x
Modify permissions
x
Delete query
x
Secret ACLs
Ability
READ
WRITE
MANAGE
Read the secret scope
x
x
x
List secrets in the scope
x
x
x
Write to the secret scope
x
x
Modify permissions
x
Serving endpoint ACLs
Ability
NO PERMISSIONS
CAN VIEW
CAN QUERY
CAN MANAGE
Get endpoint
x
x
x
List endpoint
x
x
x
Query endpoint
x
x
Update endpoint config
x
Delete endpoint
x
Modify permissions
x
SQL warehouse ACLs
Ability
NO PERMISSIONS
CAN USE
IS OWNER
CAN MANAGE
Start the warehouse
x
x
x
View details for the warehouse
x
x
x
View all queries for the warehouse
x
x
View warehouse monitoring tab
x
x
Stop the warehouse
x
x
Delete the warehouse
x
x
Edit the warehouse
x
x
Modify permissions
x
x
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.