Enable access control

In Azure Databricks, you can use access control lists (ACLs) to configure permission to access data tables, clusters, pools, jobs, and workspace objects like notebooks, experiments, and folders.

All admin users can manage access control lists, as can users who have been given delegated permissions to manage access control lists.

This section describes the tasks that admin users perform to enable and disable access control.

Note

Table, cluster, pool, job, and workspace access control are available only in the Azure Databricks Premium Plan.

An admin can also manage access to Azure Databricks REST APIs by giving or denying users the ability to generate access tokens.

An Azure administrator with the proper permissions can configure Azure Active Directory conditional access to control where and when users are permitted to sign in to Azure Databricks. The same administrator can enable Azure Data Lake Storage credential passthrough, which allows users to authenticate to Azure Data Lake Storage from Azure Databricks clusters using the same Azure Active Directory identity that they use to log in to Azure Databricks.

This section covers: