cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Can I disable the workspace directory for specific user groups?

Chris_Shehu
Valued Contributor III

We want to use the REPO directory in our production environment only and have a dev environment with less restrictions. If I use the checkbox on the group admin screen to disable workspace access, it locks out the entire Data Engineering section.

1 ACCEPTED SOLUTION

Accepted Solutions

Chris_Shehu
Valued Contributor III

So I found a way to get 85% of the way there:

1) Disable workspace access for the users group.

2) Create a new group or use another group that you created for the next step.

3) Go to the workspace and right click on whitespace in the root directory.

4) Add the new group/existing group with Read access.

image 

This locks it so that new files can't be created or edited but the exception is the user's personal folder.

The permissions for that are greyed out and can't be changed.

image 

So I proposed an idea to either have the ability to turn off personal folders or to modify the permissions.

see: https://feedback.azure.com/d365community/idea/70547d9f-464d-ec11-a819-0022484e8090

View solution in original post

7 REPLIES 7

Anonymous
Not applicable

@Christopher Shehu​ - Hello again! Thank you for this question. It sounds like an interesting one!

Prabakar
Esteemed Contributor III

Hi @Christopher Shehu​  Could you please check the below doc and let me know if it helps?

https://docs.databricks.com/repos.html#control-access-to-databricks-repos

User16871418122
Contributor III

You can allow specific git URLs by for commits and push by whitelisting in workspace settings in admin console

Screenshot 2021-11-24 at 12.21.27 PM

Chris_Shehu
Valued Contributor III

Thanks for the answers but I'm looking more for something where you can disable the folder structure and ONLY have a git repo in the databricks PRD environment. That way someone can't bypass the github process to create something in prod.

-werners-
Esteemed Contributor III

I don't think that is possible as a user has always access to his own home folder.

Maybe you can think in another direction, like no access at all on production or user groups or restriction in cluster permissions?

Chris_Shehu
Valued Contributor III

Yeah, that's the conclusion I came to but was hoping I was wrong. Thanks!

Chris_Shehu
Valued Contributor III

So I found a way to get 85% of the way there:

1) Disable workspace access for the users group.

2) Create a new group or use another group that you created for the next step.

3) Go to the workspace and right click on whitespace in the root directory.

4) Add the new group/existing group with Read access.

image 

This locks it so that new files can't be created or edited but the exception is the user's personal folder.

The permissions for that are greyed out and can't be changed.

image 

So I proposed an idea to either have the ability to turn off personal folders or to modify the permissions.

see: https://feedback.azure.com/d365community/idea/70547d9f-464d-ec11-a819-0022484e8090

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group