Hi @murtadha_s
Can you please clarify what you are after? The second part of your question sounded more like a statement: "but currently I need to apply my ACL at every created job/cluster separately," and that confused me a bit.
To make sure we point you to the best option... how are you creating your jobs and clusters today (UI, REST, Terraform, bundles), and what default ACL behaviour are you trying to enforce (for example, always granting a specific group CAN_VIEW or CAN_MANAGE)?
Just so that you know, there isn't currently a way to define a workspace-wide "default ACL" for all new jobs and clusters via cluster policies. Policies control which config options users can set (instance types, runtime, autoscaling, etc.), but they don't set object permissions.
When it comes to Jobs, if Job ACLs are enabled in the workspace, you can pass an access_control_list when creating jobs through the REST API/SDK (/api/2.1/jobs/create or /jobs/runs/submit). That lets you apply a consistent ACL pattern at creation time. The job's ACLs also govern the associated job clusters, so you don't need a separate ACL template for those.
For all-purpose (interactive) clusters, there's no built-in default ACL template. The usual approach is to enforce a pattern via the Permissions API / Terraform / Databricks bundles when clusters are created, rather than via cluster policy.
If this answer resolves your question, could you mark it as "Accept as Solution"? That helps other users quickly find the correct fix.
Regards,
Ashwin | Delivery Solution Architect @ Databricks
Helping you build and scale the Data Intelligence Platform.
***Opinions are my own***
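The pattern described in the reply above, sketched as an added example (not code from the post or from Databricks): a small wrapper that merges a baseline ACL into every job-create payload and builds the matching Permissions API call for an all-purpose cluster. The group names, baseline contents and helper names are assumptions, and the requests are only built, not sent.

```python
import json
from urllib.request import Request

# Constructed baselines; the group names are placeholders, not from the post.
BASELINE = {
    "jobs": [
        {"group_name": "platform-admins", "permission_level": "CAN_MANAGE"},
        {"group_name": "auditors", "permission_level": "CAN_VIEW"},
    ],
    "clusters": [
        {"group_name": "platform-admins", "permission_level": "CAN_MANAGE"},
        {"group_name": "analysts", "permission_level": "CAN_ATTACH_TO"},
    ],
}
PRINCIPAL_KEYS = ("user_name", "group_name", "service_principal_name")

def principal(entry):
    """Return (kind, name) for an ACL entry; reject entries naming nobody."""
    for key in PRINCIPAL_KEYS:
        if key in entry:
            return key, entry[key]
    raise ValueError(f"ACL entry has no principal: {entry!r}")

def merge_acl(requested, baseline):
    """Keep caller-requested entries, but let the baseline win per principal."""
    merged = {principal(e): dict(e) for e in requested}
    merged.update({principal(e): dict(e) for e in baseline})
    return list(merged.values())

def build_request(host, token, method, path, body):
    """Build the HTTP request object without sending it."""
    return Request(
        host.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

def job_create_request(host, token, job_settings):
    """Jobs: the ACL travels inside the create call itself."""
    body = dict(job_settings)
    body["access_control_list"] = merge_acl(
        body.get("access_control_list", []), BASELINE["jobs"])
    return build_request(host, token, "POST", "/api/2.1/jobs/create", body)

def cluster_acl_request(host, token, cluster_id):
    """All-purpose clusters: apply the baseline after creation via PATCH."""
    body = {"access_control_list": merge_acl([], BASELINE["clusters"])}
    path = f"/api/2.0/permissions/clusters/{cluster_id}"
    return build_request(host, token, "PATCH", path, body)
```

Routing all job and cluster creation through one wrapper like this (or the equivalent Terraform or bundle definition) is what keeps the ACL consistent, since objects created outside it get no baseline.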