Provision users and groups from AAD to Azure Databricks (part 4)

by Jan 23, 2023

In the previous blog, you created the metastore in your Azure Databricks account to assign an Azure Databricks Workspace. In this blog, you will learn how to assign Users and Groups to an Azure Databricks Workspace and define the correct entitlements.

You need to assign the synced groups to your Azure Databricks workspace, this needs to be done for every workspace. That’s one of the reasons to create groups of users for every environment.

SG_DATABRICKS_USERS_DVLM: for the users which are allowed to use the Development environment.

SG_DATABRICKS_USERS_PROD: for the users which are allowed to use the Production environment.

SG_DATABRICKS_ACCOUNT_ADMIN: for the users which needs to be assigned the Account Admin role.

You can add the users in both groups, but this way you are already prepared for the future if you still want to separate the users from each other in a later stage.

Azure Databricks Workspace

Log in to your Workspace, in case you’re still logged in, in your account console, you can open the workspace directly from Data setting icon, on the left side.

Once the Workspace is open, select the admin console in the upper right corner.

Select Groups

adb-admin-console

Select add Group.

adb-admin-console-add

Select the groups you want to add one by one.

adb-admin-console-group-add

 

The groups are now visible and you can assign the correct entitlements to the group.

adb-admin-console-entitlement

Workspace access:

  • When granted to a user or service principal, they can access the Data Science & Engineering and Databricks Machine Learning persona-based environments.
  • Can’t be removed from workspace admins.

adb-admin-console-entitlement-enable

Databricks SQL access:

  • When granted to a user or service principal, they can access Databricks SQL.

Allow unrestricted cluster creation:

  • When granted to a user or service principal, they can create clusters. You can restrict access to existing clusters using cluster-level permissions.
  • Can’t be removed from workspace admins

 

Account admins are synced by default to all workspaces.

User added through a group do have separate icon displayed.

add-user-group

Please note that Databricks recommends that you assign group permissions to workspaces, instead assigning workspace permissions to users individually.

In my next blog I will explain how to Add Service Principals to your Azure Databricks account using the account console.

Feel free to leave a comment

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

thirteen + 14 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exploring Azure Synapse Analytics Studio

Azure Synapse Workspace Settings In my previous article, I walked you through "how to create your Azure Synapse Analytics Workspace". It's now time to explore the brand new Synapse Studio. Most configuration and settings can be done through the Synapse Studio. In your...

Azure Data Factory Let’s get started

Creating an Azure Data Factory Instance, let's get started Many blogs nowadays are about which functionalities we can use within Azure Data Factory. But how do we create an Azure Data Factory instance in Azure for the first time and what should you take into account? ...

Azure SQL Data Warehouse: How to setup Reserved Capacity

Purchase your Azure SQL Datawarehouse Reservation   Since a few weeks you can buy Reserved Capacity for an Azure SQL Datawarehouse (SQLDW). This Reservation can save you up to 65% on the normal Pay as You go rates with a 3 year pre-commit. A pre-commit of 1 year...

Get control of data loads in Azure Synapse

Load Source data to DataLake There are several ways to extract data from a source in Azure Synapse Analytics or in Azure Data Factory. In this article I'm going to use a metadata-driven approach by using a control table in Azure SQL in which we configure the...

How to setup Code Repository in Azure Data Factory

Why activate a Git Configuration? The main reasons are: Source Control: Ensures that all your changes are saved and traceable, but also that you can easily go back to a previous version in case of a bug. Continuous Integration and Continuous Delivery (CI/CD): Allows...

Azure Synapse Pause and Resume SQL Pool

Pause or Resume your Dedicated SQL Pool in Azure Synapse Analytics Azure Synapse Analytics went GA in beginning of December 2020, with Azure Synapse we can now also create a Dedicated SQL Pool(formerly Azure SQL DW). Please read this document to learn what a Dedicated...

Connect Azure Databricks to Microsoft Purview

Connect and Manage Azure Databricks in Microsoft Purview This week the Purview team released a new feature, you’re now able to Connect and manage Azure Databricks in Microsoft Purview. This new functionality is almost the same as the Hive Metastore connector which you...

Scale your SQL Pool dynamically in Azure Synapse

Scale your Dedicated SQL Pool in Azure Synapse Analytics In my previous article, I explained how you can Pause and Resume your Dedicated SQL Pool with a Pipeline in Azure Synapse Analytics. In this article I will explain how to scale up and down a SQL Pool via a...

Azure Synapse Analytics Power BI Integration

Creating a Linked Service for Power BI Open your Synapse Studio and select the Management Hub. Add a new Linked Service If you haven't connect to Power BI before, you will see the screen above. If you want to add another Power BI Linked Service(Workspace). Search for...

Azure Synapse Analytics overwrite live mode

Stale publish branch In Azure Synapse Analytics and Azure Data Factory is an new option available "Overwrite Live Mode", which can be found in the Management Hub-Git Configuration. With this new option your can directly overwrite your Azure Synapse Analytics or Azure...