cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Is there a way that admins can restrict users to install libraries on clusters and notebooks?

Go to solution
morganmazouchi
Databricks Employee
Databricks Employee

โ€Ž09-08-2021 05:43 PM

 
Labels:
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
morganmazouchi
Databricks Employee
Databricks Employee

โ€Ž09-09-2021 06:54 AM

I found the answer to my question for how to restrict library installation both on clusters and notebooks and posting it here for others reference: we can restrict outbound access to the public pypi at the workspace level using these instructions https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#...

View solution in original post

6 REPLIES 6

Go to solution
-werners-
Esteemed Contributor III

โ€Ž09-09-2021 06:28 AM

you can assign permissions to (existing) clusters.

There are 4 kinds of permissions:

  • no permission (says enough I think)
  • Can Attach To: attach a notebook (and display logs)
  • Can Restart: same as above with stop/start/restart
  • Can Manage: same as Restart but with cluster resize and library install

So basically if you assign Attach or Restart permissions, the user is not allowed to install libraries.

That is only allowed with the Manage permission.

https://docs.microsoft.com/en-us/azure/databricks/security/access-control/cluster-acl#cluster-level-...

Go to solution
morganmazouchi
Databricks Employee
Databricks Employee

โ€Ž09-09-2021 06:54 AM

I found the answer to my question for how to restrict library installation both on clusters and notebooks and posting it here for others reference: we can restrict outbound access to the public pypi at the workspace level using these instructions https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#...

Go to solution
Chris_Shehu
Valued Contributor III
In response to morganmazouchi

โ€Ž09-13-2021 10:28 AM

With it being restricted at the cluster level as well how are you installing libraries that need to be added adhoc? Did you block the entire pypi domain?

0 Kudos

Go to solution
morganmazouchi
Databricks Employee
Databricks Employee
In response to Chris_Shehu

โ€Ž09-15-2021 03:07 PM

Admin can set up a connection to Azure Artifactory/Jfrog Artifactory or other artifactories of required libraries for the workloads.

0 Kudos

Go to solution
Anonymous
Not applicable

โ€Ž09-09-2021 10:28 AM

@Mojgan Mazouchiโ€‹ - I'm so glad you found the answer and shared it with us. Thank you!

0 Kudos

Go to solution
Sebastian
Contributor

โ€Ž09-13-2021 11:34 AM

one way to manage is make the cluster permission only to can restart and then use an init script to install libraries on start up so that users wont install libraries on the fly.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements