Cluster Access Control

Note

Access control is available only in the Databricks Operational Security Package.

By default, all users can create and modify clusters unless an administrator enables cluster access control. With cluster access control, permissions determine a user’s abilities. This topic describes the permissions and how to enable and configure cluster access control.

Types of permissions

You can configure two types of cluster permissions:

  • The Allow Cluster Creation permission controls your ability to create clusters.
  • Cluster-level permissions control your ability to use and modify a specific cluster.

When cluster access control is enabled:

  • An administrator can configure whether a user can create clusters.
  • Any user with Can Manage permission for a cluster can configure whether a user can attach to, restart, resize, and manage that cluster.

Cluster-level permissions

There are four permission levels for a cluster: No Permissions, Can Attach To, Can Restart, and Can Manage. The table lists the abilities for each permission.

Ability No Permissions Can Attach To Can Restart Can Manage
Attach notebook to cluster   x x x
View Spark UI   x x x
View cluster metrics   x x x
Terminate cluster     x x
Start cluster     x x
Restart cluster     x x
Edit cluster       x
Attach library to cluster       x
Resize cluster       x
Modify permissions       x

Note

You have Can Manage permission for any cluster that you create.

Enable cluster access control

  1. Go to the Admin Console.

  2. Select the Access Control tab.

    ../../_images/access-control-tab.png
  3. Click the Enable button next to Cluster and Jobs Access Control.

    ../../_images/ClusterAndJobsACLs.png
  4. Click Confirm to confirm the change.

Configure cluster creation permission

Cluster access control must be enabled.

You can assign the Allow cluster creation permission to individual users or to groups.

To assign to an individual user:

  1. Go to the Admin Console.

  2. Go to the Users tab.

  3. Select the Allow cluster creation checkbox in the user’s row.

    ../../_images/users-list.png
  4. Click Confirm to confirm the change.

To assign to a group:

  1. Go to the Admin Console.
  2. Go to the Groups tab.
  3. Select the group you want to update.
  4. On the Entitlements tab, select Allow cluster creation.

Configure cluster-level permissions

Cluster access control must be enabled and you must have Can Manage permission for the cluster.

  1. Click the clusters icon Clusters Menu Icon in the sidebar.

  2. Click the Permissions Icon lock icon under the Actions column of an existing cluster.

    ClusterACLsButton
  3. In the Permission settings for <cluster name> dialog, you can:

    • Select users and groups from the Add Users and Groups drop-down and assign permission levels for them.
    • Update cluster permissions for users and groups that have already been added, using the drop-down menu beside a user or group name.
    IndvClusterACLs
  4. Click Done.