Concepts

Connecting Pgcli to Databricks with Access Control

Andrios Robert

16 Oct 2025 • 1 min read

The connection failed. The terminal went silent. You needed Pgcli to talk to your Databricks cluster, but Access Control stopped you cold.

Pgcli is a fast, interactive Postgres client. Databricks Access Control governs who can connect, what they can query, and how data stays secure. When these two meet, configuration matters. Without the right permissions, your SQL calls die before they reach the warehouse.

First, confirm that your Databricks workspace has SQL warehouses configured. Pgcli can only connect to a JDBC endpoint. In Databricks, go to SQL Warehouses and copy the JDBC URL. Ensure the warehouse is running before testing the connection.

Next, check Access Control settings. In the Databricks Admin Console, open “Permissions” for the target warehouse. Assign the right roles — typically CAN_USE — to the service account or personal user that Pgcli will use. If you need granular restrictions, create a group, grant it least-privilege permissions, and connect via that group’s credentials.

Generate a personal access token under your account settings. Pgcli supports passing this token as a password with the -u flag for username (set to token) and the -p flag. Example:

pgcli -h <hostname from JDBC URL> -p <port> -U token --password <personal_access_token> -d <database>

If your Databricks workspace enforces table-level ACLs, verify that the connected identity has privileges to SELECT from the target schema. Even with warehouse access, Pgcli queries fail when table-level grants are missing. Use:

SHOW GRANTS ON TABLE your_table;

Troubleshooting common issues:

Connection timeouts: check firewall rules or security groups around Databricks.
Authentication errors: regenerate tokens, confirm they are active.
Permission denied: reassign warehouse or table privileges to the correct principal.

Pgcli with Databricks Access Control is about precision. Tight permissions improve security but demand exact configuration. Once the roles, tokens, and endpoints align, Pgcli becomes a fast window into your Databricks data without compromising access policies.

Want to skip the manual setup and see secure Databricks queries from Pgcli in minutes? Visit hoop.dev and get it running live before your next coffee.

Sign up for more like this.