Enable access control

In Azure Databricks, you can use access control lists (ACLs) to configure permission to access data tables, clusters, pools, jobs, and workspace objects like notebooks, experiments, and folders.

All admin users can manage access control lists, as can users who have been given delegated permissions to manage access control lists.

This section describes the tasks that admin users perform to enable and disable access control.

Note

Table, cluster, pool, job, and workspace access control are available only in the Azure Databricks Premium Plan.

An admin can also manage access to Azure Databricks REST APIs by giving or denying users the ability to generate access tokens.

An Azure administrator with the proper permissions can configure Azure Active Directory conditional access to control where and when users are permitted to sign in to Azure Databricks, and can enable Azure Data Lake Storage credential passthrough, which allows users to authenticate to Azure Data Lake Storage from Azure Databricks clusters using the same Azure Active Directory identity that they use to log in to Azure Databricks.

This section covers: