Important
This feature is in Public Preview in the following regions: westus, westus2, eastus, eastus2, centralus, southcentralus, northeurope, westeurope, australiaeast, brazilsouth, canadacentral, centralindia, southeastasia, uksouth.
This page explains the Postgres roles that you can use to govern access to an Azure Databricks Lakebase database instance, including their privileges, purpose, and configuration.
Pre-created roles
After a database instance is created, Azure Databricks automatically creates a Postgres role for the user who created the instance.
| Role | Description | Inherited privileges |
|---|---|---|
| <instance_owner_role> | The Azure Databricks identity of the instance creator (for example, myuser@databricks.com). This role can log in and administer the instance. | Member of databricks_superuser |
| databricks_superuser | An internal administrative role. Used to configure and manage access across the instance. This role is granted broad privileges and should not be used in automated applications. | Inherits from pg_read_all_data, pg_write_all_data, and pg_monitor. |
Role capabilities
| Role | LOGIN | CREATEDB | CREATEROLE | BYPASSRLS | Other privileges |
|---|---|---|---|---|---|
| databricks_superuser | NOLOGIN | — | — | — | |
| <instance_owner_role> | ✅ | ✅ | ✅ | ✅ | |
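The following is an added example, not part of the Azure Databricks documentation: a catalog query that lists each role's LOGIN, CREATEDB, CREATEROLE, and BYPASSRLS attributes and shows whether the role reaches databricks_superuser through direct or nested membership. It uses only the standard Postgres catalogs pg_roles and pg_auth_members; the output column aliases are chosen here for illustration.

```sql
-- Added example: audit role attributes and role membership on an instance.
-- Reads only the standard catalogs pg_roles and pg_auth_members.
WITH RECURSIVE membership AS (
    -- Direct grants: "member" has been granted "roleid".
    SELECT member, roleid
    FROM pg_auth_members
    UNION
    -- Nested grants: follow the chain upward. Postgres rejects circular
    -- role membership, so the recursion terminates.
    SELECT ms.member, am.roleid
    FROM membership ms
    JOIN pg_auth_members am ON am.member = ms.roleid
)
SELECT r.rolname,
       r.rolcanlogin   AS can_login,
       r.rolcreatedb   AS createdb,
       r.rolcreaterole AS createrole,
       r.rolbypassrls  AS bypassrls,
       -- True when the role is a direct or indirect member of
       -- databricks_superuser (alias name is an assumption of this example).
       COALESCE(bool_or(g.rolname = 'databricks_superuser'), false)
                       AS reaches_databricks_superuser,
       -- Every role reachable through membership, for review.
       string_agg(g.rolname::text, ', ' ORDER BY g.rolname) AS member_of
FROM pg_roles r
LEFT JOIN membership ms ON ms.member = r.oid
LEFT JOIN pg_roles g    ON g.oid = ms.roleid
WHERE r.rolname NOT LIKE 'pg\_%'   -- skip Postgres predefined roles
GROUP BY r.oid, r.rolname, r.rolcanlogin, r.rolcreatedb,
         r.rolcreaterole, r.rolbypassrls
ORDER BY reaches_databricks_superuser DESC, r.rolname;
```

Rows where both can_login and reaches_databricks_superuser are true identify login identities that hold the broad administrative privileges; membership shows that the role is reachable, which may require SET ROLE when the member does not inherit automatically.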
System roles created by Azure Databricks
In addition to the databricks_superuser and admin roles, Azure Databricks creates system roles required for internal services. These roles are assigned the minimum privileges required for functionality. Modifying them can impact instance behavior.
| Role | Purpose |
|---|---|
| databricks_control_plane | Used by internal Databricks components for management operations |
| databricks_monitor | Used by internal metrics collection services |
| databricks_writer_<dbid> | Per-database role used to create and manage synced tables |
| databricks_reader_<dbid> | Per-database role used to read tables registered in Unity Catalog |
| databricks_gateway | Used for internal connections for managed data serving services |
To learn how roles, privileges, and role memberships work in Postgres, use the following resources in the Postgres documentation: