# Databricks Account Console Walkthrough

**Objective:** Understand the "Account Console," which is the centralized management plane for all your Databricks workspaces, users, and billing. This is distinct from the specific "Workspace UI" where data engineering work happens.

---

## 1. Accessing the Account Console

The URL for the Account Console depends on your cloud provider:

| Cloud Provider | URL |
| :--- | :--- |
| **Azure** | `https://accounts.azuredatabricks.net` |
| **AWS** | `https://accounts.cloud.databricks.com` |
| **GCP** | `https://accounts.gcp.databricks.com` |

*Note: You log in using the same credentials (e.g., Azure Entra ID) used to create the workspace.*

## 2. Key Sections of the Account Console

### A. Workspaces Tab
This view lists all the workspaces associated with your account (e.g., Dev, QA, Prod).
*   **Action:** Click on a specific workspace to view its details.
*   **Configuration:** You can manage the Metastore assignment (Unity Catalog) and Security settings here.
*   **Permissions:** Determine *who* can access this specific workspace (e.g., restrict Prod workspace to specific users).

### B. User Management (IAM)
This is where you manage identities at a global level.

1.  **Users:** Lists users synced from your identity provider (e.g., Azure Active Directory / Entra ID).
    *   *Role:* You can assign the **Account Admin** role here.
2.  **Service Principals:** "Robot Accounts" used for automation and running production jobs.
    *   *Best Practice:* Never use a personal user account for production jobs. If that user leaves the company, the job fails. Always use a Service Principal.
3.  **Groups:** Used to manage permissions at scale.
    *   *Example:* Create an "HR-Group" and an "Engineering-Group". Assign permissions to the group rather than 100 individual users.

### C. Catalog (Unity Catalog)
*   This section is used to create and manage **Metastores**.
*   A Metastore is the top-level container for data in Unity Catalog.
*   *Note:* We will set this up in the next session.

### D. Settings & Feature Enablement
*   **Feature Enablement:** This tab controls global features.
*   **Serverless Compute:** By default, Serverless features (for SQL, Notebooks, Workflows) might be **Disabled**.
    *   *Action:* To use Serverless, an Account Admin must explicitly enable it here.

In [None]:
# Concept Verification: User vs. Service Principal

def verify_identity_type(identity_name):
    if "app" in identity_name or "sp" in identity_name or "client-id" in identity_name:
        return "Service Principal (Robot Account) - Recommended for Jobs"
    else:
        return "User Account (Human) - Recommended for Development only"

# Example Scenario
print(f"User 'john.doe@company.com': {verify_identity_type('john.doe@company.com')}")
print(f"ID 'sp-etl-pipeline-01': {verify_identity_type('sp-etl-pipeline-01')}")

## 3. Hierarchy Recap

It is crucial to understand the relationship between these entities:

1.  **Account Console** (Top Level)
    *   Manages **Users, Groups, Service Principals**.
    *   Manages **Billing & Unity Catalog Metastores**.
    *   Contains multiple **Workspaces**.
2.  **Workspace** (Child Level)
    *   Inherits Users/Groups from the Account.
    *   Where code, clusters, and jobs actually run.

---

## Next Steps
Now that we have explored the Account Console, in the next session, we will configure the most important component for Data Governance: **Unity Catalog**. We will create a Metastore and link it to our Workspace.