`settings` command group

2025-07-23

Note

This information applies to Databricks CLI versions 0.205 and above. The Databricks CLI is in Public Preview.

Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.

The settings command group within the Databricks CLI contains commands manage workspace-level settings, which control various features and policies that apply across the entire workspace. See Manage your workspace.

databricks settings aibi-dashboard-embedding-access-policy

Controls whether AI/BI published dashboard embedding is enabled, conditionally enabled, or disabled at the workspace level. By default, this setting is conditionally enabled (ALLOW_APPROVED_DOMAINS).

delete - Delete the AI/BI dashboard embedding access policy
get - Retrieve the AI/BI dashboard embedding access policy
update - Update the AI/BI dashboard embedding access policy

databricks settings aibi-dashboard-embedding-access-policy get

Retrieve the AI/BI dashboard embedding access policy. The default setting is ALLOW_APPROVED_DOMAINS, permitting AI/BI dashboards to be embedded on approved domains.

databricks settings aibi-dashboard-embedding-access-policy get [flags]

Options

--etag string

etag used for versioning.

Examples

databricks settings aibi-dashboard-embedding-access-policy get

databricks settings aibi-dashboard-embedding-access-policy update

Update the AI/BI dashboard embedding access policy at the workspace level.

databricks settings aibi-dashboard-embedding-access-policy update [flags]

Options

--json JSON

The inline JSON string or the @path to the JSON file with the request body.

Examples

databricks settings aibi-dashboard-embedding-access-policy update --json '{"access_policy": "ALLOW_ALL"}'

databricks settings aibi-dashboard-embedding-access-policy delete

Delete the AI/BI dashboard embedding access policy, reverting back to the default.

databricks settings aibi-dashboard-embedding-access-policy delete [flags]

Options

--etag string

etag used for versioning.

Examples

databricks settings aibi-dashboard-embedding-access-policy delete

databricks settings aibi-dashboard-embedding-approved-domains

Controls the list of domains approved to host the embedded AI/BI dashboards. The approved domains list can't be mutated when the current access policy is not set to ALLOW_APPROVED_DOMAINS.

delete - Delete AI/BI dashboard embedding approved domains
get - Retrieve the list of domains approved to host embedded AI/BI dashboards
update - Update the list of domains approved to host embedded AI/BI dashboards

Options

Examples

databricks settings aibi-dashboard-embedding-approved-domains get

databricks settings aibi-dashboard-embedding-approved-domains update --json '{"approved_domains": ["example.com", "mydomain.org"]}'

databricks settings automatic-cluster-update

Controls whether automatic cluster update is enabled for the current workspace. By default, it is turned off.

get - Get the automatic cluster update setting
update - Update the automatic cluster update setting

Options

databricks settings automatic-cluster-update get

Gets the automatic cluster update setting.

databricks settings automatic-cluster-update get [flags]

Options

--etag string

etag used for versioning.

Examples

databricks settings automatic-cluster-update get

databricks settings automatic-cluster-update update

Updates the automatic cluster update setting for the workspace. A fresh etag needs to be provided in update requests (as part of the setting field). The etag can be retrieved by making a get request before the update request.

databricks settings automatic-cluster-update update [flags]

Options

--json JSON

The inline JSON string or the @path to the JSON file with the request body.

Examples

databricks settings automatic-cluster-update update --json '{"automatic_cluster_update": {"enabled": true}}'

databricks settings compliance-security-profile

Controls whether to enable the compliance security profile for the current workspace. Enabling it on a workspace is permanent. By default, it is turned off.

Warning

This setting can NOT be disabled once it is enabled.

get - Get the compliance security profile setting
update - Update the compliance security profile setting

Options

Examples

databricks settings compliance-security-profile get

databricks settings compliance-security-profile update --json '{"compliance_security_profile": {"enabled": true}}'

databricks settings dashboard-email-subscriptions

Controls whether schedules or workload tasks for refreshing AI/BI Dashboards in the workspace can send subscription emails containing PDFs and/or images of the dashboard. By default, this setting is enabled (set to true).

delete - Delete the dashboard email subscriptions setting
get - Get the dashboard email subscriptions setting
update - Update the dashboard email subscriptions setting

Options

Examples

databricks settings dashboard-email-subscriptions get

databricks settings dashboard-email-subscriptions update --json '{"dashboard_email_subscriptions": {"enabled": false}}'

databricks settings default-namespace

Configure the default namespace for a Databricks workspace.

Through this command, users can retrieve, set, or modify the default namespace used when queries do not reference a fully qualified three-level name. For example, if you use the API to set retail_prod as the default catalog, then a query SELECT * FROM myTable would reference the object retail_prod.default.myTable (the schema default is always assumed).

Note

This setting requires a restart of clusters and SQL warehouses to take effect. Additionally, the default namespace only applies when using Unity Catalog-enabled compute.

delete - Delete the default namespace setting
get - Get the default namespace setting
update - Update the default namespace setting

Options

Examples

databricks settings default-namespace get

databricks settings default-namespace update --json '{"namespace": {"value": "retail_prod"}}'

databricks settings default-namespace delete

databricks settings disable-legacy-access

Disabling legacy access has the following impacts:

Disables direct access to Hive Metastores from the workspace. However, you can still access a Hive Metastore through Hive Metastore federation.
Disables fallback mode on external ___location access from the workspace.
Disables Databricks Runtime versions prior to 13.3 LTS.
delete - Delete legacy access disablement status
get - Retrieve legacy access disablement status
update - Update legacy access disablement status

Options

Examples

databricks settings disable-legacy-access get

databricks settings disable-legacy-access update --json '{"disable_legacy_access": {"disabled": true}}'

databricks settings enable-export-notebook

Controls whether users can export notebooks and files from the Workspace UI. By default, this setting is enabled.

get-enable-export-notebook - Get the notebook and file exporting setting
patch-enable-export-notebook - Update the notebook and file exporting setting

Options

Examples

databricks settings enable-export-notebook get-enable-export-notebook

databricks settings enable-export-notebook patch-enable-export-notebook --json '{"allow_missing": true, "setting": {"enabled": false}}'

databricks settings enable-notebook-table-clipboard

Controls whether users can copy tabular data to the clipboard via the UI. By default, this setting is enabled.

get-enable-notebook-table-clipboard - Get the results table clipboard features setting
patch-enable-notebook-table-clipboard - Update the results table clipboard features setting

Options

Examples

databricks settings enable-notebook-table-clipboard get-enable-notebook-table-clipboard

databricks settings enable-notebook-table-clipboard patch-enable-notebook-table-clipboard --json '{"allow_missing": true, "setting": {"enabled": false}}'

databricks settings enable-results-downloading

Controls whether users can download notebook results. By default, this setting is enabled.

get-enable-results-downloading - Get the notebook results download setting
patch-enable-results-downloading - Update the notebook results download setting

Options

Examples

databricks settings enable-results-downloading get-enable-results-downloading

databricks settings enable-results-downloading patch-enable-results-downloading --json '{"allow_missing": true, "setting": {"enabled": false}}'

databricks settings enhanced-security-monitoring

Controls whether enhanced security monitoring is enabled for the current workspace. If the compliance security profile is enabled, this is automatically enabled. By default, it is disabled. However, if the compliance security profile is enabled, this is automatically enabled.

If the compliance security profile is disabled, you can enable or disable this setting and it is not permanent.

get - Get the enhanced security monitoring setting
update - Update the enhanced security monitoring setting

Options

Examples

databricks settings enhanced-security-monitoring get

databricks settings enhanced-security-monitoring update --json '{"enhanced_security_monitoring": {"enabled": true}}'

databricks settings restrict-workspace-admins

The Restrict Workspace Admins setting lets you control the capabilities of workspace admins. With the setting status set to ALLOW_ALL, workspace admins can create service principal personal access tokens on behalf of any service principal in their workspace. Workspace admins can also change a job owner to any user in their workspace. And they can change the job run_as setting to any user in their workspace or to a service principal on which they have the Service Principal User role.

With the setting status set to RESTRICT_TOKENS_AND_JOB_RUN_AS, workspace admins can only create personal access tokens on behalf of service principals they have the Service Principal User role on. They can also only change a job owner to themselves. And they can change the job run_as setting to themselves or to a service principal on which they have the Service Principal User role.

delete - Delete the restrict workspace admins setting
get - Get the restrict workspace admins setting
update - Update the restrict workspace admins setting

Options

Examples

databricks settings restrict-workspace-admins get

databricks settings restrict-workspace-admins update --json '{"restrict_workspace_admins": {"status": "RESTRICT_TOKENS_AND_JOB_RUN_AS"}}'

databricks settings restrict-workspace-admins delete

databricks settings sql-results-download

Controls whether users within the workspace are allowed to download results from the SQL Editor and AI/BI Dashboards UIs. By default, this setting is enabled (set to true).

delete - Delete the SQL Results Download setting
get - Get the SQL Results Download setting
update - Update the SQL Results Download setting

Options

Examples

databricks settings sql-results-download get

databricks settings sql-results-download update --json '{"sql_results_download": {"enabled": false}}'

databricks settings sql-results-download delete

Global flags

--debug

Whether to enable debug logging.

-h or --help

Display help for the Databricks CLI or the related command group or the related command.

--log-file string

A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.

--log-format format

The log format type, text or json. The default value is text.

--log-level string

A string representing the log format level. If not specified then the log format level is disabled.

-o, --output type

The command output type, text or json. The default value is text.

-p, --profile string

The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.

--progress-format format

The format to display progress logs: default, append, inplace, or json

-t, --target string

If applicable, the bundle target to use