Cluster Access Control

Cluster access control allows admins and users to give fine-grained access to other users. Broadly, there are two types of cluster access control:

  1. Cluster creation permission: As an admin, you can choose which users are allowed to create cluster.

    ../../_images/acl-allow-user.png
  2. Individual cluster permissions: A user who has manage permission to a cluster can choose which users are allowed to perform certain actions on a cluster.

    ../../_images/acl-list.png

Enforce cluster configurations

One benefit of these access controls is the ability to enforce cluster configurations so that users cannot change them.

Azure Databricks recommends the following workflow for organizations that need to lock down cluster configurations:

  1. Disable Allow cluster creation for all users.

    ../../_images/acl-allow-user.png
  2. After you create all of the cluster configurations that you want your users to use, give all of the users who need access to a given cluster Can Restart permission. This allows a user to freely start and stop the cluster without having to set up all of the configurations manually.

    ../../_images/acl-permission-details.png

See Cluster Access Control for more details.