查询访问控制Query access control
重要
此功能目前以公共预览版提供。This feature is in Public Preview. 请联系 Azure Databricks 代表,以申请访问权限。Contact your Azure Databricks representative to request access.
使用查询访问控制,各个权限确定用户的能力。With query access control, individual permissions determine a user’s abilities. 本文介绍各个权限以及如何配置查询访问控制。This article describes the individual permissions and how to configure query access control.
查询权限Query permissions
有三个查询权限级别: 无权限、 可以运行 和 可管理。There are three permission levels for a query: No Permissions, Can Run, and Can Manage. 该表列出了每个权限赋予用户的能力。The table lists the abilities for each permission.
| 能力Ability | 无权限No Permissions | 可以运行Can Run | 可管理Can Manage |
|---|---|---|---|
| 查看自己的查询View own queries | xx | xx | |
| 在查询列表中查看See in query list | xx | xx | |
| 查看查询文本View query text | xx | xx | |
| 查看查询结果View query result | xx | xx | |
| 刷新查询结果 (或选择不同的参数) Refresh query result (or choose different parameters) | xx | xx | |
| 在仪表板中包含查询Include the query in a dashboard | xx | xx | |
| 编辑查询文本Edit query text | xx | ||
| 更改数据源Change data source | xx | ||
| 修改权限Modify permissions | xx | ||
| 删除查询Delete query | xx |
备注
用于执行查询的主体是创建查询的用户,而不是单击 " 刷新 " 按钮的用户。The principal used to execute a query is the user that created the query, not the user that clicks the Refresh button.
使用 UI 管理查询权限Manage query permissions using the UI
- 安装完成后,单击Click the
“模型”图标。icon in the sidebar. - 单击 "查询"。Click a query.
- 单击右上角的 " 共享 " 按钮。Click the Share button at the top right. 将显示 "管理权限" 对话框。The Manage Permissions dialog displays.
- 选择用户或组和权限。Select a user or group and a permission.
- 单击“添加”。Click Add.
- 关闭对话框。Dismiss the dialog.
使用 API 管理查询权限Manage query permissions using the API
若要使用 API 管理查询权限,请在 /2.0/permissions/sql/query/<query-id> REST 终结点上调用方法。To manage query permissions using the API, invoke methods on the /2.0/permissions/sql/query/<query-id> REST endpoint. 例如,若要设置 可以管理 用户的权限 user@example.com ,请运行命令:For example, to set Can Manage permission for the user user@example.com, run the command:
curl -u 'token:<token>' https://<databricks-instance>/api/2.0/permissions/sql/query/<query-id> -X PATCH -d '{ "access_control_list" : [ { "user_name": user@example.com", "permission_level": "CAN_MANAGE" } ] }'
wherewhere
<databricks-instance>是 Azure Databricks 部署的工作区 URL。<databricks-instance>is the workspace URL of your Azure Databricks deployment.<personal-access-token>是 个人访问令牌。<personal-access-token>is a personal access token.<query-id>查询 ID。<query-id>is a query ID.