cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way that admins can restrict users to install libraries on clusters and notebooks?

morganmazouchi
New Contributor III
New Contributor III
 
1 ACCEPTED SOLUTION

Accepted Solutions

morganmazouchi
New Contributor III
New Contributor III

I found the answer to my question for how to restrict library installation both on clusters and notebooks and posting it here for others reference: we can restrict outbound access to the public pypi at the workspace level using these instructions https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#...

View solution in original post

7 REPLIES 7

Kaniz
Community Manager
Community Manager

Hi @ User16210360531609522527! My name is Kaniz, and I'm the technical moderator here. Great to meet you, and thanks for your question! Let's see if your peers on the community have an answer to your question first. Or else I will follow up shortly with a response.

-werners-
Esteemed Contributor III

you can assign permissions to (existing) clusters.

There are 4 kinds of permissions:

  • no permission (says enough I think)
  • Can Attach To: attach a notebook (and display logs)
  • Can Restart: same as above with stop/start/restart
  • Can Manage: same as Restart but with cluster resize and library install

So basically if you assign Attach or Restart permissions, the user is not allowed to install libraries.

That is only allowed with the Manage permission.

https://docs.microsoft.com/en-us/azure/databricks/security/access-control/cluster-acl#cluster-level-...

morganmazouchi
New Contributor III
New Contributor III

I found the answer to my question for how to restrict library installation both on clusters and notebooks and posting it here for others reference: we can restrict outbound access to the public pypi at the workspace level using these instructions https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#...

With it being restricted at the cluster level as well how are you installing libraries that need to be added adhoc? Did you block the entire pypi domain?

Admin can set up a connection to Azure Artifactory/Jfrog Artifactory or other artifactories of required libraries for the workloads.

Anonymous
Not applicable

@Mojgan Mazouchi​ - I'm so glad you found the answer and shared it with us. Thank you!

Sebastian
Contributor

one way to manage is make the cluster permission only to can restart and then use an init script to install libraries on start up so that users wont install libraries on the fly.

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!