https://community.databricks.com/t5/data-engineering/default-acl-for-jobs-and-clusters/m-p/153064#M53926 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/160404">@murtadha_s</a></P> <P>Can you please clarify what you are after? The second part of your question sounded more like a statement: "but currently I need to apply my ACL at every created job/cluster separately," and that confused me a bit.&nbsp;</P> <P>To make sure we point you to the best option... how are you creating your jobs and clusters today (UI, REST, Terraform, bundles), and what default ACL behaviour are you trying to enforce (for example, always granting a specific group CAN_VIEW or CAN_MANAGE)?</P> <P data-pm-slice="1 1 []">Just so that you know, there isn’t currently a way to define a workspace‑wide "default ACL" for all new jobs and clusters via cluster policies. Policies control which config options users can set (instance types, runtime, autoscaling, etc.), but they don’t set object permissions.</P> <P>When it comes to Jobs, if Job ACLs are enabled in the workspace, you can pass an access_control_list when creating jobs through the REST API/SDK (/api/2.1/jobs/create or /jobs/runs/submit). That lets you apply a consistent ACL pattern at creation time.&nbsp;The job’s ACLs also govern the associated job clusters, so you don’t need a separate ACL template for those.</P> <P>For all‑purpose (interactive) clusters, there’s no built‑in default ACL template. The usual approach is to enforce a pattern via the Permissions API / Terraform / Databricks bundles when clusters are created, rather than via cluster policy.</P> <P class="p1"><FONT size="2" color="#FF6600"><STRONG><I>If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.</I></STRONG></FONT><I></I></P> <P class="wnfdntd">&nbsp;</P> Thu, 02 Apr 2026 15:13:36 GMT Ashwin_DSA 2026-04-02T15:13:36Z https://community.databricks.com/t5/data-engineering/default-acl-for-jobs-and-clusters/m-p/153042#M53916 <P>Hi,<BR /><BR />I want to set default ACL that applies to all created jobs and clusters, according to a cluster policy for example, but currently I need to apply my ACL at every created job/cluster separately.</P><P>is there a way to do that?</P><P>BR,</P> Thu, 02 Apr 2026 13:37:19 GMT https://community.databricks.com/t5/data-engineering/default-acl-for-jobs-and-clusters/m-p/153042#M53916 murtadha_s 2026-04-02T13:37:19Z https://community.databricks.com/t5/data-engineering/default-acl-for-jobs-and-clusters/m-p/153064#M53926 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/160404">@murtadha_s</a></P> <P>Can you please clarify what you are after? The second part of your question sounded more like a statement: "but currently I need to apply my ACL at every created job/cluster separately," and that confused me a bit.&nbsp;</P> <P>To make sure we point you to the best option... how are you creating your jobs and clusters today (UI, REST, Terraform, bundles), and what default ACL behaviour are you trying to enforce (for example, always granting a specific group CAN_VIEW or CAN_MANAGE)?</P> <P data-pm-slice="1 1 []">Just so that you know, there isn’t currently a way to define a workspace‑wide "default ACL" for all new jobs and clusters via cluster policies. Policies control which config options users can set (instance types, runtime, autoscaling, etc.), but they don’t set object permissions.</P> <P>When it comes to Jobs, if Job ACLs are enabled in the workspace, you can pass an access_control_list when creating jobs through the REST API/SDK (/api/2.1/jobs/create or /jobs/runs/submit). That lets you apply a consistent ACL pattern at creation time.&nbsp;The job’s ACLs also govern the associated job clusters, so you don’t need a separate ACL template for those.</P> <P>For all‑purpose (interactive) clusters, there’s no built‑in default ACL template. The usual approach is to enforce a pattern via the Permissions API / Terraform / Databricks bundles when clusters are created, rather than via cluster policy.</P> <P class="p1"><FONT size="2" color="#FF6600"><STRONG><I>If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.</I></STRONG></FONT><I></I></P> <P class="wnfdntd">&nbsp;</P> Thu, 02 Apr 2026 15:13:36 GMT https://community.databricks.com/t5/data-engineering/default-acl-for-jobs-and-clusters/m-p/153064#M53926 Ashwin_DSA 2026-04-02T15:13:36Z