Enable workspace object access control

Note

Access control is available only in the Azure Databricks Premium Plan.

By default, all users can create and modify workspace objects—including folders, notebooks, experiments, and models—unless an administrator enables workspace access control. With workspace access control, individual permissions determine a user’s abilities. This article describes how to enable workspace access control and prevent users from seeing workspace objects they do not have access to.

For information about assigning permissions and configuring workspace object access control, see Workspace object access control.

Enable workspace object access control

  1. Go to the Admin Console.

  2. Select the Access Control tab.

    Access control tab

  3. Click the Enable button next to Workspace Access Control.

  4. Click Confirm.

Prevent users from seeing workspace objects they do not have access to

Note

Workspace visibility control is enabled by default for workspaces created after the release of Azure Databricks platform version 3.34 (released in December 2020). If your workspace was created earlier, an admin must enable the feature.

Workspace access control by itself does not prevent users from seeing the filenames of workspace objects displayed in the Azure Databricks UI even when the users have no permissions on those workspace objects. To prevent notebook filenames and folders from being visible to a user when they have no permissions on them:

  1. Go to the Admin Console.
  2. Select the Access Control tab.
  3. Click the Enable button next to Workspace Visibility Control.
  4. Click Confirm.

To disable workspace visibility control, use the same procedure, clicking Disable in the third step.

Library and jobs access control

Library icon All users can view libraries. To control who can attach libraries to clusters, see Cluster access control.

Jobs icon To enable jobs access control and job visibility access control, see Enable jobs access control for your workspace. To control who can run jobs and see the results of job runs, see Jobs access control.