Important
This feature is in Public Preview in the following regions: westus, westus2, eastus, eastus2, centralus, southcentralus, northeurope, westeurope, australiaeast, brazilsouth, canadacentral, centralindia, southeastasia, uksouth.
This page explains the Postgres roles that you can use to govern access to an Azure Databricks Lakebase database instance, including their privileges, purpose, and configuration.
Pre-created roles
After a database instance is created, Azure Databricks automatically creates a Postgres role for the user who created the instance.
| Role | Description | Inherited privileges |
|---|---|---|
| <instance_owner_role> | The Azure Databricks identity of the instance creator (for example, myuser@databricks.com). This role can log in and administer the instance. | Member of databricks_superuser |
| databricks_superuser | An internal administrative role. Used to configure and manage access across the instance. This role is granted broad privileges and should not be used in automated applications. | Inherits from pg_read_all_data, pg_write_all_data, and pg_monitor. |
Role capabilities
| Role | LOGIN | CREATEDB | CREATEROLE | BYPASSRLS | Other privileges |
|---|---|---|---|---|---|
| databricks_superuser | NOLOGIN | — | — | — | |
| <instance_owner_role> | ✅ | ✅ | ✅ | ✅ | |
System roles created by Azure Databricks
In addition to the databricks_superuser and admin roles, Azure Databricks creates system roles required for internal services. These roles are assigned the minimum privileges required for functionality. Modifying them can impact instance behavior.
| Role | Purpose |
|---|---|
| databricks_control_plane | Used by internal Databricks components for management operations |
| databricks_monitor | Used by internal metrics collection services |
| databricks_writer_<dbid> | Per-database role used to create and manage synced tables |
| databricks_reader_<dbid> | Per-database role used to read tables registered in Unity Catalog |
| databricks_gateway | Used for internal connections for managed data serving services |
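One way to check a live instance against the role tables above, as an added example that is not part of the Azure Databricks documentation: the query reads the standard Postgres catalogs pg_roles and pg_auth_members, lists each role's attributes, and reports how many membership hops separate it from databricks_superuser. The column aliases and the review_membership rule are assumptions made for this example.

```sql
-- Added example: audit role attributes and databricks_superuser membership.
-- Reads only the standard Postgres catalogs pg_roles and pg_auth_members.
WITH RECURSIVE reaches_superuser AS (
    -- Direct members of databricks_superuser
    SELECT m.member AS member_oid, 1 AS hops
    FROM pg_auth_members AS m
    JOIN pg_roles AS g ON g.oid = m.roleid
    WHERE g.rolname = 'databricks_superuser'
  UNION
    -- Roles that reach it through nested role membership
    SELECT m.member, rs.hops + 1
    FROM pg_auth_members AS m
    JOIN reaches_superuser AS rs ON m.roleid = rs.member_oid
)
SELECT
    r.rolname,
    r.rolcanlogin   AS can_login,
    r.rolcreatedb   AS createdb,
    r.rolcreaterole AS createrole,
    r.rolbypassrls  AS bypassrls,
    -- NULL means the role is not a member, directly or indirectly
    min(rs.hops)    AS hops_to_databricks_superuser,
    -- Matches the system role names listed on this page
    r.rolname ~ '^databricks_(control_plane|monitor|gateway|writer_.+|reader_.+)$'
                    AS is_databricks_system_role,
    -- Assumed review rule for this example: a role that can log in and also
    -- inherits databricks_superuser deserves a look, since the page says that
    -- role should not be used in automated applications
    (r.rolcanlogin AND min(rs.hops) IS NOT NULL) AS review_membership
FROM pg_roles AS r
LEFT JOIN reaches_superuser AS rs ON rs.member_oid = r.oid
WHERE r.rolname !~ '^pg_'   -- skip Postgres predefined roles such as pg_monitor
GROUP BY r.oid, r.rolname, r.rolcanlogin, r.rolcreatedb,
         r.rolcreaterole, r.rolbypassrls
ORDER BY review_membership DESC, r.rolname;
```

The instance owner role is expected to appear with review_membership set to true, because the table above lists it as a member of databricks_superuser; any other login role flagged the same way is the one to examine.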
To learn how roles, privileges, and role memberships work in Postgres, use the following resources in the Postgres documentation: