Are there any perspectives in Databricks' roadmap for enabling coarse-grained access management for jobs?
Currently, access to jobs has to be managed on a job-by-job basis: https://docs.databricks.com/en/security/auth-authz/access-control/index.html#job-acls. It's not difficult to implement this using the Update job permissions API (e.g. automatically during CI/CD).
However, it is difficult to get a global view on who has access to what, short of collecting that information job-by-job yourself. Now, imagine you have to migrate some service principal and need to update permissions on all the workflows it has access to. What a nightmare.
It would be great if you could define job scopes or folders (like workspace folders) that you could define access permissions on in a hierarchical, hereditary way. Having a top-level scope could also be a first step towards restricting job creation (e.g. only principals X, Y, Z may create jobs at "root" scope, etc.).
Is it just me lacking such a feature?
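
The job-by-job collection described in the post, as an added example that is not part of the original post or Databricks' own code: it lists jobs, reads each job's ACL through the Permissions API, and inverts the result into a per-principal view. The `DATABRICKS_HOST` and `DATABRICKS_TOKEN` environment variables, the helper names, and the sample responses (constructed, with a placeholder service principal ID) are assumptions.

```python
import json, os, urllib.parse, urllib.request
from collections import defaultdict

def _get(host, token, path):
    """GET one Databricks REST endpoint and decode its JSON body."""
    req = urllib.request.Request(host.rstrip("/") + path,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_job_acls(host, token):
    """Yield (job_id, permissions response) for every job, following pagination."""
    page = ""
    while True:
        listing = _get(host, token, "/api/2.1/jobs/list?limit=100" + page)
        for job in listing.get("jobs", []):
            yield job["job_id"], _get(host, token, f"/api/2.0/permissions/jobs/{job['job_id']}")
        if not listing.get("next_page_token"):
            return
        page = "&page_token=" + urllib.parse.quote(listing["next_page_token"])

def invert_acls(job_acls):
    """Turn per-job ACLs into {(kind, principal): [(job_id, level, inherited)]}."""
    grants = defaultdict(list)
    for job_id, acl in job_acls:
        for entry in acl.get("access_control_list", []):
            for kind in ("service_principal_name", "user_name", "group_name"):
                if kind in entry:
                    for perm in entry.get("all_permissions", []):
                        grants[(kind, entry[kind])].append(
                            (job_id, perm["permission_level"], perm.get("inherited", False)))
    return dict(grants)

SP = "00000000-0000-0000-0000-000000000001"  # placeholder application ID
def perms(level, inherited=False):
    return [{"permission_level": level, "inherited": inherited}]
SAMPLE = [  # constructed responses shaped like GET /api/2.0/permissions/jobs/{job_id}
    (101, {"access_control_list": [
        {"service_principal_name": SP, "all_permissions": perms("IS_OWNER")},
        {"group_name": "admins", "all_permissions": perms("CAN_MANAGE", True)}]}),
    (102, {"access_control_list": [
        {"service_principal_name": SP, "all_permissions": perms("CAN_MANAGE_RUN")},
        {"user_name": "analyst@example.com", "all_permissions": perms("CAN_VIEW")}]}),
]

if __name__ == "__main__":
    host, token = os.environ.get("DATABRICKS_HOST"), os.environ.get("DATABRICKS_TOKEN")
    source = fetch_job_acls(host, token) if host and token else SAMPLE
    for principal, jobs in sorted(invert_acls(source).items()):
        print(principal, jobs)
```

Filtering the result on one service principal's key gives the list of jobs whose permissions would need updating during a migration.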