@Naveena G:
Yes, Attribute-Based Access Control (ABAC) is a feature that is enabled in Databricks. ABAC allows you to define access policies based on attributes or characteristics of the user or resource being accessed. These attributes can include things like the user's role or department, the resource's location or type, or any other relevant characteristic that you want to use in your access policy.
Here is an example of how ABAC can be used in Databricks for access control:
Suppose you have a Databricks workspace where you want to grant access to specific notebooks based on the department of the user. You can create an ABAC policy that grants access to the notebook based on the department of the user. Here are the steps to create this policy:
- Define the attributes: You need to define the attributes that you want to use in your policy. In this example, you can define the department of the user as an attribute.
- Define the policy: Once you have defined the attribute, you can create a policy that grants access to the notebook based on the department of the user. For example, you can create a policy that grants read access to a notebook to users in the Finance department.
- Assign the policy: Once the policy is created, you can assign it to the notebook. This will ensure that only users in the Finance department can access the notebook.
Example:
```python
import requests
import json

# Define the attributes
attributes = {
    "department": "Finance"
}

# Define the policy
policy = {
    "action": "read",
    "resource": {
        "type": "notebook",
        "path": "/path/to/notebook"
    },
    "condition": {
        "attribute": "department",
        "operator": "equals",
        "value": "Finance"
    }
}

# Assign the policy to the notebook
response = requests.put(
    "https://<databricks-instance>/api/2.0/preview/permissions/notebooks/acl/path/to/notebook",
    headers={"Authorization": "Bearer <access-token>"},
    json={"access_control_list": [policy]}
)
```
This example creates an ABAC policy that grants read access to a notebook located at /path/to/notebook to users in the Finance department. The policy is assigned to the notebook using the Databricks API.
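The policy dictionary from the answer above, evaluated locally with deny-by-default semantics. This is an added example, not part of the original post and not a Databricks API; the names `evaluate`, `condition_holds` and `OPERATORS` are hypothetical, and the user attribute sets are constructed sample input.

```python
# Added example: local model of ABAC evaluation (assumption: not Databricks code).
from typing import Any, Callable, Dict, List

# Hypothetical operator table; anything not listed here is treated as a non-match.
OPERATORS: Dict[str, Callable[[Any, Any], bool]] = {
    "equals": lambda actual, expected: actual == expected,
    "in": lambda actual, expected: isinstance(expected, (list, tuple)) and actual in expected,
}

def condition_holds(condition: dict, user_attrs: dict) -> bool:
    """True only if the attribute is present and the operator is known and satisfied."""
    name = condition.get("attribute")
    op = OPERATORS.get(condition.get("operator"))
    if op is None or name not in user_attrs:
        return False  # fail closed: unknown operator or missing attribute
    return op(user_attrs[name], condition.get("value"))

def evaluate(policies: List[dict], user_attrs: dict,
             action: str, resource_type: str, path: str) -> bool:
    """Deny by default; allow only when a policy matches action, resource and condition."""
    for p in policies:
        res = p.get("resource", {})
        if (p.get("action") == action
                and res.get("type") == resource_type
                and res.get("path") == path
                and condition_holds(p.get("condition", {}), user_attrs)):
            return True
    return False

# Same shape as the policy in the post.
POLICY = {
    "action": "read",
    "resource": {"type": "notebook", "path": "/path/to/notebook"},
    "condition": {"attribute": "department", "operator": "equals", "value": "Finance"},
}

if __name__ == "__main__":
    # Constructed users: one in Finance, one in Engineering, one with no attributes.
    for attrs in ({"department": "Finance"}, {"department": "Engineering"}, {}):
        allowed = evaluate([POLICY], attrs, "read", "notebook", "/path/to/notebook")
        print(attrs, "->", "allow" if allowed else "deny")
```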