Hi Team,
- The GCP Databricks URL https://accounts.gcp.databricks.com/ for GCP Databricks is linked to the GCP Billing Account.
- We have two clients with separate GCP Organizations:
  - client1.example.com
  - client2.example.com
- Both GCP Organizations share the same GCP Billing Account.
- GCP provides a single Billing Account for the company.
To create a Databricks Workspace, the AccountAdmin permission must be assigned to the GCP IAM user through User Management.
If we grant AccountAdmin permissions to both clients, they will be able to:
- View other client workspaces.
- Modify or delete workspaces belonging to other clients.
We want guidance on how to:
- Restrict GCP IAM users so they can create workspaces but only access the workspaces they create.
- Ensure other workspaces are neither visible nor accessible to them.
Please let us know how this can be achieved.
Regards,
Karthik Kumar P L
Lead Cloud Support