Connector Improvement: Least Scope Permissions for Databricks Connector
Completed
I hope that when using Databricks as a connector, it will be improved so that it can operate with permissions only for specific schemas.
When setting up the Databricks connector, I need USE SCHEMA permission for all schemas in the catalog. If there are schemas without permission, validation will fail and setup cannot be completed.
However, in the Databricks I use, the schemas that Fivetran users can reference should be the smallest possible range, and there are schemas for which permissions cannot be granted. The schemas and tables to actually be synchronized can be selected arbitrarily in steps after validation, but the fact that schemas and tables are displayed here is problematic from a security policy perspective.
-
Official comment
Hi Kazuya,
Thanks for feedback. We are in the process of updating the documentation to clarify the required permissions.
Best,
Egidio -
I granted USE SCHEMA permission for all schemas, but errors continued to occur and I was unable to complete the setup. The new error states that SELECT permission is required for the tables. I believe this will cause the following problems not only for me, but for other users as well:
- The Fivetran documentation does not specifically state the permissions required to set up the Databricks connector. It is not clear what the minimum permissions are.
- If granting SELECT permission for all tables in the catalog is a prerequisite for completing the setup, then it cannot actually be used. Fivetran should allow users connecting to Databricks to set it up within the scope permitted.
Please sign in to leave a comment.
Comments
2 comments