cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict a Workspace User from Creating/Managing Databricks Jobs

neointab
New Contributor

Hello Databricks team,

I currently have a workspace user, and I want to disable their ability to create or manage Databricks jobs entirely. Specifically, I would like to prevent the user from accessing the "Create Job" option in the Databricks UI or via any API.

I am aware of the Job ACLs, which allow us to manage permissions like CAN_MANAGE or CAN_EDIT for specific jobs. However, my requirement is different: I need a way to completely restrict this user from creating any job, not just managing existing ones.

Is there a mechanism in Databricks to achieve this? For example:

  • A setting or permission to disable the "Create Job" option for a specific user or service principal.
  • A workspace-level control that governs job creation permissions.

If my understanding of Job ACLs is incorrect and they can restrict job creation as well, kindly clarify.

Thank you for your guidance!

1 REPLY 1

Alberto_Umana
Databricks Employee
Databricks Employee

Hello @neointab,

Currently, Databricks does not offer a direct workspace-level setting to restrict job creation for specific users. However, there are some workarounds and related controls that can be considered:

  1. Cluster Creation Restrictions: One approach is to restrict users from creating clusters, as job creation typically requires cluster creation. By disabling the "Allow unrestricted cluster creation" entitlement for non-admin users, you can indirectly prevent them from creating jobs. This can be done through the Admin Settings under User Entitlements.
  2. Cluster Policies: You can create and enforce cluster policies that limit the resources available to users, which can indirectly control job creation. However, this does not completely prevent job creation but can limit the scope and impact of the jobs created.
  3. Service Principals and Job Ownership: Using service principals to run jobs can provide more control over job execution and permissions. Workspace admins can manage job ownership and permissions more effectively by assigning jobs to service principals.
  4. Custom Automation: Implementing custom scripts or automation to monitor and manage job creation and permissions can be a way to enforce more granular control. This would involve using Databricks APIs to periodically check and update job permissions.
  5. Feature Requests and Future Enhancements: There are ongoing discussions and feature requests within Databricks to enhance job management capabilities, including more granular control over job creation.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group