Capabilities
Provisioning
AccessOwl creates user accounts with the specified roles and permissions during access requests.
Deprovisioning
AccessOwl deletes users from your Databricks account during access revocations.
Prerequisites
- Account admin access in Databricks, so you can invite the integration account.
Setup
Add Databricks in AccessOwl
Either add a new application or open Applications and click the +-symbol, then continue.
Invite the integration account as Account Admin
AccessOwl shows you the integration account’s email address. In Databricks:
- Log in to the account console.
- In the sidebar, click User management.
- On the Users tab, click Add user.
- Enter the integration account’s email address and click Add user.
- Grant the integration account the Account admin role.
The integration account requires the Account admin role so it can add and delete users across all workspaces in your Databricks account.
FAQ
What is the difference between deactivating and deleting a user in Databricks?
What is the difference between deactivating and deleting a user in Databricks?
Databricks supports both deactivation and deletion. Deactivation prevents a user from authenticating but preserves their permissions and objects, so they can be restored later. Deletion is permanent and causes jobs owned by the user to fail, clusters to stop, and shared queries or dashboards to lose their owner. AccessOwl uses deletion during deprovisioning, so assets owned by the user should be reassigned before revoking access if continuity matters.