What is consumer access?

Consumer access is a workspace entitlement that gives users access to Genie. When users with consumer access sign in, they are directed to Genie instead of the standard Azure Databricks workspace, where they can discover and interact with dashboards, Genie Spaces, and Databricks Apps shared with them.

This page explains how workspace admins can grant consumer access, outlines the capabilities and restrictions for users with this entitlement, and describes relevant data governance controls.

Landing page for Genie

Consumer access capabilities

Consumer access is a workspace entitlement that workspace admins can assign to individual users or user groups. It allows you to add business users to the workspace and align permissions with a unified permissions model, while restricting their permissions so that they cannot create workspace objects. Because entitlements are additive, users benefit from the consumer experience only if consumer access is their sole entitlement within the workspace. Assigning additional workspace entitlements overrides the simplified consumer experience. To learn how to change the default workspace access to consumer access, see Change default workspace access to consumer access.

Users with only the consumer access entitlement receive:

  • Access to Genie, a simplified workspace interface focused on consuming dashboards, Genie Spaces, and Databricks Apps shared with them.
  • Membership in the workspace’s users system group, displayed as the All workspace users group in the UI.
  • Eligibility to be granted access to SQL warehouses for use with third-party BI tools, such as Power BI and Tableau. However, consumer access users cannot view SQL warehouses or Query History, even if permissions on compute and data have been granted.

Users with only consumer access cannot create new objects in the workspace.

Important

Users with consumer access inherit all entitlements assigned to the users system group. If this group is used to grant elevated privileges, such as workspace access or Databricks SQL access, move those grants to a different group to prevent privilege escalation. See Change default workspace access to consumer access.
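The following is an added example, not code from the Databricks documentation, showing how to audit for this: it computes each user's effective entitlements as the additive union of direct and group grants, including the users system group, and reports consumer users who hold anything beyond consumer access, along with the source of each extra grant. The entitlement strings, the flattened record shape, the user and group names, and the direct-membership-only resolution (no nested groups) are assumptions made for illustration.

```python
CONSUME = "workspace-consume"   # assumed SCIM value for consumer access
USERS_GROUP = "users"           # system group every workspace user belongs to

def entitlement_sources(user, groups_by_name):
    """Map each effective entitlement to where it comes from (additive union)."""
    sources = {}
    for ent in user.get("entitlements", []):
        sources.setdefault(ent, set()).add("direct")
    for name in set(user.get("groups", [])) | {USERS_GROUP}:
        for ent in groups_by_name.get(name, {}).get("entitlements", []):
            sources.setdefault(ent, set()).add("group:" + name)
    return sources

def audit_consumers(users, groups):
    """Report users meant to be consumers who hold any other entitlement."""
    groups_by_name = {g["displayName"]: g for g in groups}
    findings = {}
    for user in users:
        sources = entitlement_sources(user, groups_by_name)
        if CONSUME not in sources:
            continue  # not a consumer user at all
        extra = {e: sorted(s) for e, s in sources.items() if e != CONSUME}
        if extra:
            findings[user["userName"]] = extra
    return findings

# Constructed sample data (flattened; not real API output).
USERS = [
    {"userName": "ana@example.com", "groups": ["bi-consumers"]},
    {"userName": "ben@example.com", "entitlements": [CONSUME], "groups": ["analysts"]},
    {"userName": "cy@example.com", "groups": ["workspace-editors"]},
]
GROUPS_BEFORE = [  # elevated entitlement granted through the users system group
    {"displayName": "users", "entitlements": ["workspace-access"]},
    {"displayName": "bi-consumers", "entitlements": [CONSUME]},
    {"displayName": "analysts", "entitlements": ["databricks-sql-access"]},
    {"displayName": "workspace-editors", "entitlements": []},
]
GROUPS_AFTER = [  # same grant moved to a dedicated group
    {"displayName": "users", "entitlements": []},
    {"displayName": "bi-consumers", "entitlements": [CONSUME]},
    {"displayName": "analysts", "entitlements": ["databricks-sql-access"]},
    {"displayName": "workspace-editors", "entitlements": ["workspace-access"]},
]

if __name__ == "__main__":
    for label, groups in (("before", GROUPS_BEFORE), ("after", GROUPS_AFTER)):
        print(label, audit_consumers(USERS, groups))
```

After the grant is moved off the users group, the only remaining finding is the user who picks up an extra entitlement from another group, which still overrides the consumer experience for that user.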

To add consumer access users at scale, sync groups from your identity provider using automatic identity management. See Automatic identity management.

Data governance

Consumer access users are members of the workspace and work within the unified data access controls you've set up using Unity Catalog. They can view and run dashboards, Genie Spaces, and apps shared specifically with them or shared with a group in which they are a member. If the sharing user has selected the option to use the viewer's data credentials, their Unity Catalog privileges apply. They can also be assigned permissions to use Unity Catalog-governed data in third-party BI tools.

Next Steps