Enable workspace object access control

By default, all users can create and modify workspace objects—including folders, notebooks, experiments, and models—unless an administrator enables workspace access control. With workspace access control, individual permissions determine a user’s abilities. This article describes how to enable workspace access control and prevent users from seeing workspace objects they do not have access to.

For information about assigning permissions and configuring workspace object access control, see Workspace object access control.

Requirements

This feature requires the Azure Databricks Premium Plan.

Enable workspace object access control

  1. Go to the admin console.
  2. Click the Workspace Settings tab.
  3. Click the Workspace Access Control toggle.
  4. Click Confirm.

Prevent users from seeing workspace objects they do not have access to

Note

Workspace visibility control is enabled by default for workspaces created after the release of Azure Databricks platform version 3.34 (released in December 2020). If your workspace was created earlier, an admin must enable the feature.

Workspace access control by itself does not prevent users from seeing the filenames of workspace objects displayed in the Azure Databricks UI even when the users have no permissions on those workspace objects. To prevent notebook filenames and folders from being visible to a user when they have no permissions on them:

  1. Go to the admin console.
  2. Click the Workspace Settings tab.
  3. Click the Workspace Visibility Control toggle.
  4. Click Confirm.

Library and jobs access control

Library icon All users can view libraries. To control who can attach libraries to clusters, see Cluster access control.

Schedule jobs - notebook icon To enable jobs access control and job visibility access control, see Enable jobs access control for your workspace. To control who can run jobs and see the results of job runs, see Jobs access control.