https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14410#M8904 <P>We are building a platform where we automatically execute Databricks jobs using Python packages delivered by our end-users. </P><P></P><P>We want to create a mount point so that we can deliver the cluster's driver logs to an external storage. However, we don't want the client code to have access to this mount point. Because then we can not:</P><UL><LI>guarantee isolation between jobs (the code of one end-user project can read the logs of another project)</LI><LI>ensure immutability to the logs (users can override )</LI></UL><P></P><P>Is it possible to set some access control, so that the cluster can only write the driver logs there?</P> Tue, 27 Dec 2022 13:02:38 GMT Yatoom 2022-12-27T13:02:38Z https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14410#M8904 <P>We are building a platform where we automatically execute Databricks jobs using Python packages delivered by our end-users. </P><P></P><P>We want to create a mount point so that we can deliver the cluster's driver logs to an external storage. However, we don't want the client code to have access to this mount point. Because then we can not:</P><UL><LI>guarantee isolation between jobs (the code of one end-user project can read the logs of another project)</LI><LI>ensure immutability to the logs (users can override )</LI></UL><P></P><P>Is it possible to set some access control, so that the cluster can only write the driver logs there?</P> Tue, 27 Dec 2022 13:02:38 GMT https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14410#M8904 Yatoom 2022-12-27T13:02:38Z https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14411#M8905 <P>It depends which Cloud provider you're using. For AWS S3 you'll need to create IAM role and create a bucket policy that provides access to the role.</P><P></P><P>For Azure Databricks no longer recommends mounting external data locations to Databricks Filesystem (https://docs.databricks.com/external-data/azure-storage.html#deprecated-patterns-for-storing-and-accessing-data-from-databricks) And there's no possibility to manage permissions when using mounts.</P><P></P><P></P> Tue, 27 Dec 2022 13:10:06 GMT https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14411#M8905 daniel_sahal 2022-12-27T13:10:06Z https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14412#M8906 <P>Check with cloud providers </P> Wed, 28 Dec 2022 04:34:51 GMT https://community.databricks.com/t5/data-engineering/disable-access-to-mount-point-for-client-code/m-p/14412#M8906 Aviral-Bhardwaj 2022-12-28T04:34:51Z