Databricks Community

TakuyaOmi · 6 hours ago

I want to grant Workspace Admin permissions to a group instead of individual users, but I haven’t found a way to do this. I considered assigning permissions by adding the group to the Databricks-managed 'admins' group (establishing a parent-child relationship), but it seems there’s a restriction that only users or service principals can be added to the 'admins' group.

Is it only possible for the account admin to grant Workspace Admin permissions to a group via the Account Console?
Do you have any suggestions or better ideas? Thank you!

Alberto_Umana · 6 hours ago

Hi @TakuyaOmi,

It is not possible to add a group to the Databricks-managed 'admins' group directly. Only users or service principals can be added to the 'admins' group.

To grant Workspace Admin permissions to a group, the account admin must use the Account Console. Here are the steps you can follow:

Log in to the Account Console: As an account admin, log in to the Databricks account console.
Navigate to User Management: In the sidebar, click on "User management."
Select Groups: Click on the "Groups" tab.
Add Group: Click "Add Group" to create a new group or select an existing group.
Assign Roles: Assign the Workspace Admin role to the group. This can be done by selecting the group and then assigning the appropriate roles.

Alternatively, you can manage group roles using the Accounts Access Control API if you prefer to automate this process

https://docs.databricks.com/en/admin/users-groups/groups.html

TakuyaOmi · 5 hours ago

@Alberto_Umana

Thank you for your response.

I now understand that granting Workspace Admin permissions to a group can only be done by an Account Admin.

Do you know if there are any plans on the roadmap to enable Workspace Admins to assign permissions to groups in the future? This seems like an essential feature for customers who prefer decentralized management at the workspace level, rather than centralized control by an Account Admin.