Connector Improvement: Databricks - Allow Service Principals for Authentication
Completed
Currently, the only way to configure a Databricks destination is using a Personal Access Token (PAT) which has to be linked to a Databricks user. This forces the creation of dependencies on people and the risks that accompany that. It would be great if it's possible to use service principals instead so that the services can be defined and operated without concern.
The PAT method causes lots of issues and risks but the main ones to highlight for us are:
- We have a dedicated Fivetran catalog that only Fivetran can write to. We now have to have at least one person on the team with write access so that their PAT can be used for Fivetran auth
- That user is now shown as the creator of all Fivetran tables and schemas which means they implicitly become the contact person across the company because their name is on it. Even if they have nothing to do with that connector...
-
Official comment
Hi Ehab,
As you noted, we also support OAuth for service principals. Let us know if you have further questions.
Best,
-
It seems OAuth support has been added to the API and UI now. Just waiting on Terraform support :)
-
You can create on-behalf PATs for service principals: https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken