Workspaces created before 3.28 was released maintain the permissions that were already in place. Admins must explicitly grant the Can Use permission to a user, a group, or to all users by granting it to the users group. For workspaces created after the release of Azure Databricks platform version 3.28 (Sept 9-15, 2020) by default no non-admin user or group is granted the Can Use permission.
To render the OpenAPI in HTML or import into other tools, see Token Management API 2.0.įor example, to enable the feature: curl -X PATCH -n \Ī user can have one of the following token permissions:Ĭan Use – Whether a user can use personal access tokens. In a JSON request body, specify enableTokensConfig as true (enabled) or false (disabled). To enable or disable the token management feature for a workspace, call the workspace configuration for tokens API ( PATCH /workspace-conf). You can also use the REST API to make this change. See Control who can use or create tokens. If you want to disable token access for a subset of users, you can keep token-based authentication enabled for the workspace and then set fine-grained permissions for users and groups. If tokens are re-enabled later, any non-expired tokens are immediately available for use. No tokens are deleted when you disable token-based authentication for a workspace. To use token-based authentication for a REST API request, see Authentication using Azure Databricks personal access tokens. This change may take a few seconds to take effect.
To learn how to access and authenticate to the API, see Authentication using Azure Databricks personal access tokens.
The APIs are published on each workspace instance. When the ability to generate personal access tokens is enabled for your workspace, by default all users in your Azure Databricks workspace can generate personal access tokens to access Azure Databricks REST APIs, and they can generate these tokens with any expiration date they like, including an indefinite lifetime.Īs an Azure Databricks admin, you can use the Token Management API 2.0 and Permissions API 2.0 to control token usage at a more fine-grained level. If your workspace uses Azure Active Directory tokens, the instructions in this article do not apply. You can also enable Azure Databricks users to use Azure Active Directory tokens for REST API access instead of Azure Databricks personal access tokens.