cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Is ABAC feature enabled?

Jerry01
New Contributor III

Can anyone please share me the example of how it works in terms of access controls?

2 REPLIES 2

Anonymous
Not applicable

@Naveena Gโ€‹ :

Yes, Attribute-Based Access Control (ABAC) is a feature that is enabled in Databricks. ABAC allows you to define access policies based on attributes or characteristics of the user or resource being accessed. These attributes can include things like the user's role or department, the resource's location or type, or any other relevant characteristic that you want to use in your access policy.

Here is an example of how ABAC can be used in Databricks for access control:

Suppose you have a Databricks workspace where you want to grant access to specific notebooks based on the department of the user. You can create an ABAC policy that grants access to the notebook based on the department of the user. Here are the steps to create this policy:

  1. Define the attributes: You need to define the attributes that you want to use in your policy. In this example, you can define the department of the user as an attribute.
  2. Define the policy: Once you have defined the attribute, you can create a policy that grants access to the notebook based on the department of the user. For example, you can create a policy that grants read access to a notebook to users in the Finance department.
  3. Assign the policy: Once the policy is created, you can assign it to the notebook. This will ensure that only users in the Finance department can access the notebook.

Example:

import requests
import json
 
# Define the attributes
attributes = {
    "department": "Finance"
}
 
# Define the policy
policy = {
    "action": "read",
    "resource": {
        "type": "notebook",
        "path": "/path/to/notebook"
    },
    "condition": {
        "attribute": "department",
        "operator": "equals",
        "value": "Finance"
    }
}
 
# Assign the policy to the notebook
response = requests.put(
    "https://<databricks-instance>/api/2.0/preview/permissions/notebooks/acl/path/to/notebook",
    headers={"Authorization": "Bearer <access-token>"},
    json={"access_control_list": [policy]}
)

This example creates an ABAC policy that grants read access to a notebook located at /path/to/notebook to users in the Finance department. The policy is assigned to the notebook using the Databricks API.

Anonymous
Not applicable

Hi @Naveena Gโ€‹ 

Thank you for posting your question in our community! We are happy to assist you.

To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?

This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance! 

Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.