Databricks Community

Raman_Unifeye · ‎11-24-2025

As a workspace Admin, I want to prevent unexpected API costs from unrestricted usage of AI Functions (AI_QUERY() etc.), how can we control that only a particular group-users can execute AI Functions ?

I understand the function execution cost can be viewed from https://docs.databricks.com/aws/en/large-language-models/ai-functions#-view-costs-for-ai-function-wo... but perhaps it will be too late 😉

Best Practice and guidelines pls.

RG #Driving Business Outcomes with Data Intelligence

iyashk-DB · ‎11-24-2025

Hi @Raman_Unifeye ,
For PT (Provisioned Throughput) endpoints, on the UI, you will have an option to edit "Permissions" and set a specific User/Group that can query them. You will have to assign that group "Can Query" permission. By Default all Admins will have access to this.

Thanks,
Yashwanth

Raman_Unifeye · ‎11-24-2025

@iyashk-DB - can you pls elaborate on it. I am looking to turn it off for all of Databricks AI Functions usage - https://docs.databricks.com/aws/en/large-language-models/ai-functions#-task-specific-ai-functions

RG #Driving Business Outcomes with Data Intelligence

iyashk-DB · ‎11-24-2025

@Raman_Unifeye , you will be disabling access to the endpionts that will be used inside the ai_query() function. It is not something like disabling the function, but managing the endpoint's access to the Users/groups who can and cannot query them.