cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

Workflow (Job) Cluster Permission Management

VJ3
New Contributor III

Hello Team,

I understand that as the Job Owner, they can grant additional permissions to other users to manage/run/view the job.

    • If "Can Manage" permission is given to the other users, that user can Edit the job including the Run-As parameter to themselves.
    • If "Can Manage Run" permission is given to the other users, then that user cannot edit the job, but can run/cancel/view jobs execution. 
    • If "Can View" permission is given to other users, then that use can view the job logs and cannot run/cancel execution.

I have a questions about below: 

In case primary user grant "Can Manage"/ "Run" Permission on the job they own to secondary user

Do we know if "Can Manage" Permission on Job of Cluster will run the job as primary user even incase it is run by Secondary user?

Do we know if "Run" Permission on Job of Cluster will run the job as primary user even incase it is run by Secondary user?

Thank you

 

I

1 ACCEPTED SOLUTION

Accepted Solutions

Kaniz
Community Manager
Community Manager

Hi @VJ3Let’s delve into the permissions and behaviour of jobs in Databricks when it comes to managing and running them.

  1. “Can Manage” Permission:

    • When a secondary user is granted the “Can Manage” permission on a job owned by the primary user, they gain the ability to:
      • View job details and settings.
      • View results of job runs.
      • View Spark UI and logs for job runs.
      • Run the job.
      • Cancel a running job.
      • Edit job settings (including the Run-As parameter).
      • Delete the job.
      • Modify permissions for other users.
    • However, the crucial point here is that the job will always run as the primary user, regardless of w...1.
    • So, even if the secondary user triggers the job execution, it will execute with the primary user’s identity.
  2. “Run” Permission:

In summary, both “Can Manage” and “Run” permissions do not alter the behaviour of job execution—they always run as the primary user, even if initiated by a secondary user.

Feel free to ask if you have any more questions! 😊

 

View solution in original post

1 REPLY 1

Kaniz
Community Manager
Community Manager

Hi @VJ3Let’s delve into the permissions and behaviour of jobs in Databricks when it comes to managing and running them.

  1. “Can Manage” Permission:

    • When a secondary user is granted the “Can Manage” permission on a job owned by the primary user, they gain the ability to:
      • View job details and settings.
      • View results of job runs.
      • View Spark UI and logs for job runs.
      • Run the job.
      • Cancel a running job.
      • Edit job settings (including the Run-As parameter).
      • Delete the job.
      • Modify permissions for other users.
    • However, the crucial point here is that the job will always run as the primary user, regardless of w...1.
    • So, even if the secondary user triggers the job execution, it will execute with the primary user’s identity.
  2. “Run” Permission:

In summary, both “Can Manage” and “Run” permissions do not alter the behaviour of job execution—they always run as the primary user, even if initiated by a secondary user.

Feel free to ask if you have any more questions! 😊

 
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!