Account Console
You'll understand what the account console manages and how it relates to workspaces and Unity Catalog in ~5 min.
Prereqs: none
The call
The account console is the one place you provision workspaces, manage identity, assign metastores, and watch costs across the whole deployment. Without it, every workspace becomes its own island with its own users, permissions, and billing. Treat it as the control plane and keep account-level changes here, not scattered across individual workspaces.
Mental model
The account console is to Databricks what the AWS console, Azure portal, or GCP cloud console is to your cloud provider. It sits above the individual workspaces and owns everything that spans them.
How it works
Account-level objects
From the account console you provision and manage:
- Workspaces: deploy new environments, monitor status, assign regions.
- Unity Catalog metastores: create and attach the governance layer to workspaces.
- Users, groups, and service principals: centralized identity that syncs down to workspaces.
- Billing and budgets: track DBU consumption, set spend alerts.
- SCIM and SSO: automate user provisioning and enforce single sign-on.
How objects relate
The diagram below shows how account-level objects (metastores, workspaces, identity) connect underneath.
One account can own many workspaces. Each workspace in a region attaches to one metastore. Users and groups defined at the account level are available to any workspace they're assigned to.
When to use which
Use the account console when you need to create or delete a workspace, set up SSO or SCIM for automated provisioning, view billing across workspaces, or create and assign a Unity Catalog metastore.
Use the workspace UI instead for the actual data work: notebooks, jobs, and queries all run inside a workspace, not in the account console.
Common pitfalls
Confusing account admin with workspace admin
Account admins manage workspaces, identity, and billing. Workspace admins manage objects inside one workspace. Hand someone account-admin rights when they only need workspace access and you've over-privileged them.
Key terms
| Term | Definition |
|---|---|
| Account console | The Databricks admin portal that manages resources spanning multiple workspaces. |
| Account admin | A role with full control over the Databricks account: workspaces, identity, billing, and metastores. |
| Workspace admin | A role with admin control scoped to a single workspace. |
| SCIM | System for Cross-domain Identity Management. Automates user and group sync from your identity provider to Databricks. |
Next
- Do next: Workspace
- Learn why: Unity Catalog
- Reference: Manage your Databricks account