cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

set access control list for job cluster

mkieszek
New Contributor II

โ€Ž09-18-2024 02:55 AM

Hello,

currently, we are using an init script that calls the DBW API to add "can_attach_to" permissions for a specific group to initialize the job cluster.

 

How can we set an access control list for job clusters? Is it possible to add it to a policy?

0 Kudos
4 REPLIES 4

szymon_dybczak
Contributor III

โ€Ž09-18-2024 04:15 AM

Hi @mkieszek ,

You can use REST API to set access control list for job clusters. The endpoint is for doing that you can find below
/api/2.0/permissions/clusters/{cluster_id}  (https://docs.databricks.com/api/workspace/clusters/setpermissions)

And it's not possible to use policy for setting ACL. Look at below snippet from documentation:

https://docs.databricks.com/en/admin/clusters/policy-definition.html

szymon_dybczak_0-1726658029265.png

 




0 Kudos

mkieszek
New Contributor II
In response to szymon_dybczak

โ€Ž09-18-2024 05:57 AM

Thank for your response. This solution is currently in use. 

It was done to be able access Spark UI and logs of jobs cluster. Maybe you know is it still needed?

Can I define access control list in job definition json?

0 Kudos

szymon_dybczak
Contributor III
In response to mkieszek

โ€Ž09-18-2024 06:05 AM

In job definition you can only define ACL for the job, not for the cluster. So you can define who is an owner of the job, who can manage a job, who can manage and run etc. 

szymon_dybczak_0-1726664664199.png

 

mkieszek
New Contributor II
In response to szymon_dybczak

โ€Ž09-19-2024 06:57 AM

thanks for you answer.

I was referring to this part of job configuration

mkieszek_0-1726754194242.png

anyway, thank you for you effort.

 

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements