Restrict a Workspace User from Creating/Managing Databricks Jobs
11-19-2024 09:54 PM
Hello Databricks team,
I currently have a workspace user, and I want to disable their ability to create or manage Databricks jobs entirely. Specifically, I would like to prevent the user from accessing the "Create Job" option in the Databricks UI or via any API.
I am aware of the Job ACLs, which allow us to manage permissions like CAN_MANAGE or CAN_EDIT for specific jobs. However, my requirement is different: I need a way to completely restrict this user from creating any job, not just managing existing ones.
Is there a mechanism in Databricks to achieve this? For example:
- A setting or permission to disable the "Create Job" option for a specific user or service principal.
- A workspace-level control that governs job creation permissions.
If my understanding of Job ACLs is incorrect and they can restrict job creation as well, kindly clarify.
Thank you for your guidance!
11-25-2024 06:13 AM
Hello @neointab,
Currently, Databricks does not offer a direct workspace-level setting to restrict job creation for specific users. However, there are some workarounds and related controls that can be considered:
- Cluster Creation Restrictions: One approach is to restrict users from creating clusters, as job creation typically requires cluster creation. By disabling the "Allow unrestricted cluster creation" entitlement for non-admin users, you can indirectly prevent them from creating jobs. This can be done through the Admin Settings under User Entitlements.
- Cluster Policies: You can create and enforce cluster policies that limit the resources available to users, which can indirectly control job creation. However, this does not completely prevent job creation but can limit the scope and impact of the jobs created.
- Service Principals and Job Ownership: Using service principals to run jobs can provide more control over job execution and permissions. Workspace admins can manage job ownership and permissions more effectively by assigning jobs to service principals.
- Custom Automation: Implementing custom scripts or automation to monitor and manage job creation and permissions can be a way to enforce more granular control. This would involve using Databricks APIs to periodically check and update job permissions.
- Feature Requests and Future Enhancements: There are ongoing discussions and feature requests within Databricks to enhance job management capabilities, including more granular control over job creation.
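The "Custom Automation" workaround above can take the form of a periodic audit that flags jobs whose creator is not on an approved list. The sketch below is an added example, not part of the original reply and not Databricks' own code. It assumes the Jobs API 2.1 `jobs/list` response shape (`jobs`, `job_id`, `creator_user_name`, `settings.name`, `has_more`, `next_page_token`); the allowlist, the `fetch_page` callable standing in for the authenticated GET, and the sample pages are all constructed.

```python
"""Audit job creators against an allowlist (added example; names are assumptions)."""
from typing import Callable, Iterable, Iterator, Optional

# Hypothetical allowlist of principals permitted to create jobs.
ALLOWED_CREATORS = {"etl-sp@example.com", "admin@example.com"}


def iter_jobs(fetch_page: Callable[[Optional[str]], dict]) -> Iterator[dict]:
    """Yield every job, following next_page_token until has_more is false."""
    token = None
    while True:
        page = fetch_page(token)
        yield from page.get("jobs", [])
        token = page.get("next_page_token")
        if not page.get("has_more") or not token:
            break


def find_unauthorized_jobs(jobs: Iterable[dict], allowed=ALLOWED_CREATORS) -> list:
    """Return one finding per job whose creator is missing or not allowlisted."""
    allowed_lower = {a.lower() for a in allowed}
    findings = []
    for job in jobs:
        # The creator field can be absent (e.g. the account was deleted);
        # treat that as a finding rather than silently passing the job.
        creator = job.get("creator_user_name")
        if creator is None or creator.lower() not in allowed_lower:
            findings.append({
                "job_id": job.get("job_id"),
                "name": job.get("settings", {}).get("name"),
                "creator": creator,
            })
    return findings


# Constructed sample responses, two pages, keyed by the page token requested.
SAMPLE_PAGES = {
    None: {"jobs": [
        {"job_id": 101, "creator_user_name": "ETL-SP@example.com",
         "settings": {"name": "nightly-load"}},
        {"job_id": 102, "creator_user_name": "analyst@example.com",
         "settings": {"name": "adhoc-export"}},
    ], "has_more": True, "next_page_token": "p2"},
    "p2": {"jobs": [{"job_id": 103, "settings": {"name": "orphaned"}}],
           "has_more": False},
}

if __name__ == "__main__":
    for finding in find_unauthorized_jobs(iter_jobs(SAMPLE_PAGES.__getitem__)):
        print(finding)
```

This detects jobs after they are created; it does not block creation, which matches the limitation described in the reply.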
02-27-2025 12:36 PM
Are there any updates on any of these internal feature requests? It's a pretty big failure in the permissions model that we can't prevent users from scheduling arbitrary workloads on compute they are able to access.

