Cluster access control allows admins and users to give fine-grained access to other users. Broadly, there are two types of cluster access control:
Cluster creation permission: As an admin, you can choose which users are allowed to create cluster.
Individual cluster permissions: A user who has manage permission to a cluster can choose which users are allowed to perform certain actions on a cluster.
One benefit of these access controls is the ability to enforce cluster configurations so that users cannot change them.
For example, configurations that admins may want to enforce include:
- Tags to charge back costs.
- IAM roles to control access to data.
- Spot instance to save costs.
Databricks recommends the following workflow for organizations that need to lock down cluster configurations:
Disable Allow cluster creation for all users.
After you create all of the cluster configurations that you want your users to use, give all of the users who need access to a given cluster Can Restart permission. This allows a user to freely start and stop the cluster without having to set up all of the configurations manually.
See Cluster Access Control for more details.