cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Share notebooks with a AD-user assigned via group

matthiasn
New Contributor III

โ€Ž07-24-2025 08:26 AM - edited โ€Ž07-24-2025 08:53 AM

Hi everybody,

I try to share a notebook with a user that was assigned to the workspace via a AD-Group (using the new automatic sync). But I only see users directly assigned to the workspace. 

My expectation would be that I see all users that are within the AD group as those are also added to the workspace as users. Or do I have to assign all of the AD-Users as users to the workspace as well? That would kind of destroy the usage and concept of groups.

When setting permissions on the Unity Catalog all the users in the AD group are there. The problem only occurs with notebooks/workspace objects

 

 

0 Kudos
2 REPLIES 2

BigRoux
Databricks Employee
Databricks Employee

โ€Ž07-24-2025 09:46 AM

Here are some helpful tips/tricks, and general guidance.
 
Sharing notebooks with users who are members of Active Directory (AD) groups can sometimes be challenging due to the way Azure Databricks handles user permissions. Here are some important points regarding your situation:

Key Points

  • AD Group Membership: When users are assigned to a workspace through an AD group, they should automatically have access to certain resources, including Unity Catalog objects. However, for notebooks and other workspace objects, it appears that only users directly assigned to the workspace are recognized when sharing.
  • Current Behavior: The observed behavior you described, where you can see users directly assigned to the workspace but not those in AD groups, is consistent with how Azure Databricks manages permissions for notebooks and workspace objects. This can be confusing and feels counter to the concept of AD groups.
  • Unity Catalog vs. Notebooks: The difference in visibility and permission settings can be attributed to the distinct ways Azure Databricks integrates with Microsoft Entra ID for Unity Catalog versus workspace objects. While AD group members can access data in Unity Catalog without being individually added to the workspace, this does not carry over to notebook sharing.

Recommendations

  • User Assignment: Unfortunately, if you want to share notebooks with all users in an AD group, you may need to assign those users directly to the workspace. This does feel like a breakdown in leveraging AD groups effectively, but it currently aligns with the specified architecture of Azure Databricks.
  • Look for Updates: Keep an eye on updates from Azure Databricks, particularly around automatic identity management. Features and functionalities evolve, and future enhancements may address this limitation.

Conclusion

At this time, the mechanism does require individual assignments for notebook sharing, which does indeed impact the efficiency of group management. You may also want to provide feedback to Azure Databricks regarding this behavior, as user experience plays a crucial role in tools design.
 
Hope this helps, Lou.
0 Kudos

matthiasn
New Contributor III
In response to BigRoux

โ€Ž07-24-2025 11:21 PM

Thank you for this llm-generated non-answer.

It just takes what I have said and puts an "may need" and other phrases to it. Without make clear statements or even linking to a source in the documentation that I might have missed.

Can you confirm that my observation is the way things currently work with permissions in the workspace? what is the reason for this limitation? and are there specific plans to work on it? If you don't know its just fine, just don't please put out an generated answer. 

Thank you ๐Ÿ™‚ 

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements