Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Consumer access is a workspace entitlement that gives users access to workspace-level Genie One. When users with consumer access sign in, they are directed to Genie One instead of the standard Azure Databricks workspace, where they can discover and interact with dashboards, Genie Spaces, and Databricks Apps shared with them. Account-level Genie One is available to all Azure Databricks account users and does not require this entitlement. See Account-level Genie One.
This page explains how workspace admins can grant consumer access, outlines the capabilities and restrictions for users with this entitlement, and describes relevant data governance controls.
Consumer access capabilities
Consumer access is a workspace entitlement that workspace admins can assign to individual users or user groups. It adds business users to the workspace under a unified permissions model, but restricts their permissions so they can't create workspace objects. Because entitlements are additive, users benefit from the consumer experience only if consumer access is their sole entitlement within the workspace. Assigning additional workspace entitlements overrides the simplified consumer experience. After you migrate a workspace to the new system group behavior, you select each principal's entitlements when you add them, so you can add consumer-only users without granting authoring permissions. See Migrate workspace entitlement control.
Users with only the consumer access entitlement receive:
- Access to Genie One, a simplified workspace interface focused on consuming dashboards, Genie Spaces, and Databricks Apps shared with them.
- Membership in the workspace’s users system group, displayed as the
usersgroup in the UI. - Eligibility to be granted access to SQL warehouses for use with third-party BI tools, such as Power BI and Tableau. However, consumer access users cannot view SQL warehouses or Query History, even if permissions on compute and data have been granted.
Users with only consumer access cannot create new objects in the workspace.
Important
Until your workspace migrates to the new entitlement behavior, users with consumer access also inherit all entitlements granted to the users system group. If that group grants elevated privileges such as workspace access or Databricks SQL access, consumer users receive those privileges too. When you migrate, Azure Databricks automatically moves those entitlements to a new group and you select each principal's entitlements individually going forward. This change is enforced for all workspaces on September 14, 2026. See Migrate workspace entitlement control.
To grant consumer access to an individual user, assign the Consumer access entitlement in workspace settings. See Manage entitlements. To add consumer access users at scale, sync groups from your identity provider using automatic identity management. See Automatic identity management.
Data governance
Consumer access users are members of the workspace and work within the unified data access controls you've set up using Unity Catalog. They can view and run dashboards, Genie Spaces, and Databricks Apps shared specifically with them or shared with a group in which they are a member. If the sharing user has selected the option to use the viewer's data credentials with their Unity Catalog privileges apply. They can also be assigned permissions to use Unity Catalog-governed data in third-party BI tools.
Every Genie One interaction respects Unity Catalog permissions. When users connect external knowledge sources such as Google Drive or SharePoint, Genie One honors those sources' permissions as well.