Pool access control


This feature is in Public Preview.


Access control is available only in the Premium plan.

With pool access control, permissions determine a user’s abilities. This article describes the individual permissions and how to configure pool access control.

Before you can use pool access control, a Databricks workspace admin must enable it for the workspace. See Enable access control.

Pool permissions

There are three permission levels for a pool: No Permissions, Can Attach To, and Can Manage. The table lists the abilities for each permission.


No Permissions

Can Attach To

Can Manage

Attach cluster to pool



Delete pool


Edit pool


Modify pool permissions


Configure pool permissions

To give a user or group permission to manage pools or attach a cluster to a pool using the UI, at the bottom of the pool configuration page, select the Permissions tab. You can:

  • Select users and groups from the Select User or Group drop-down and assign permission levels for them.

  • Update pool permissions for users and groups that have already been added, using the drop-down menu beside a user or group name.

Assign pool permissions


You can also give a user or group permission to manage pools or attach a cluster to a pool using the Permissions API.

The only way to grant a user or group permission to create a pool is through the Workspace-level SCIM APIs. Follow the Workspace Groups API documentation and grant the group the allow-instance-pool-create entitlement.

Terraform integration

You can manage permissions in a fully automated setup using Databricks Terraform provider and databricks_permissions:

resource "databricks_group" "auto" {
  display_name = "Automation"

resource "databricks_group" "eng" {
  display_name = "Engineering"

data "databricks_node_type" "smallest" {
    local_disk = true

resource "databricks_instance_pool" "this" {
  instance_pool_name                    = "Reserved Instances"
  idle_instance_autotermination_minutes = 60
  node_type_id                          = data.databricks_node_type.smallest.id
  min_idle_instances                    = 0
  max_capacity                          = 10

resource "databricks_permissions" "pool_usage" {
  instance_pool_id = databricks_instance_pool.this.id

  access_control {
    group_name       = databricks_group.auto.display_name
    permission_level = "CAN_ATTACH_TO"

  access_control {
    group_name       = databricks_group.eng.display_name
    permission_level = "CAN_MANAGE"