Databricks

marcus1 · ‎10-14-2022

We have enabled Cluster, Pool and Job access, and non-job owners can not run a job even though they are administrators. This disables users from creating cluster resources.

When a non-owner of a job attempts to run, they get a permission denied.

My understanding is admins should always be able to run jobs no matter who the owner is, however this is not what we're observing. Even though we've specified all users/groups who "Can Manage" the job they are still not able to run. Only the owner can.

We also see that the job definition itself has an attribute "run_as_owner" always set to true - appears not to be modifiable from the UI. Is it possible to modify it through the api?

We have additionally created a cluster policy that allows creation of cluster resources. If the job's cluster policy includes this, then rather than unrestricted, then non-owners can run it.

Setting the cluster policy on each job's cluster is fine, however just wanted an explanation on the above.

Thank you!

Debayan · ‎10-18-2022

Hi @Marcus Simonsen , could you please check on this: https://docs.databricks.com/security/access-control/jobs-acl.html and let us know if this helps.

If it is not happening as per as it is mentioned above, you can raise a support case with all the job IDs, we can triage on the issue and update accordingly.

Anonymous · ‎11-25-2022

Hi @Marcus Simonsen

Hope all is well!

Just wanted to check in if you were able to resolve your issue and would you be happy to share the solution or mark an answer as best? Else please let us know if you need more help.

We'd love to hear from you.

Thanks!

Databricks

Running jobs as a non-job owner

Supercharge Your Code Generation

Registration now open! Databricks Data + AI Summit 2024

Deploying Third-party models securely with the Databricks Data Intelligence Platform and HiddenLayer

Accelerating the Scientific AI Revolution

Exciting Announcement: Introducing our Learning Library!