https://community.databricks.com/t5/data-governance/heads-up-collaborator-with-read-on-secret-scope-could-delete-a/m-p/135567#M2641 <P>Hi Databricks team,</P><P>Quick heads-up and request for guidance. While collaborating on a notebook <STRONG>in my personal workspace</STRONG>, a colleague who had <STRONG>READ</STRONG> permission on a workspace-backed Secret Scope was able to <STRONG>delete a secret key</STRONG> via terminal/CLI from the shared notebook’s attached cluster.</P><P>I’m not sure if this is expected or a misconfiguration, but it felt like a privilege escalation tied to sharing from a personal workspace.</P><P><STRONG>What we saw (brief):</STRONG></P><UL><LI><P>Scope: workspace-backed, colleague explicitly <STRONG>READ</STRONG> only</P></LI><LI><P>Context: notebook shared from <STRONG>my personal workspace</STRONG></P></LI><LI><P>Action: databricks secrets delete --scope &lt;scope&gt; --key &lt;key&gt; by the colleague <STRONG>succeeded</STRONG></P></LI></UL><P><STRONG>Questions:</STRONG></P><OL><LI><P>Is this expected when sharing notebooks from personal workspaces, or is it a known issue?</P></LI><LI><P>Any recommended mitigations (e.g., use shared folders, disable cluster terminal, use Key Vault–backed scopes, ensure CLI uses the caller’s identity)?</P></LI></OL><P>Happy to share workspace/cluster IDs and timestamps privately if helpful. Thanks!</P> Tue, 21 Oct 2025 18:42:19 GMT guidotognini 2025-10-21T18:42:19Z https://community.databricks.com/t5/data-governance/heads-up-collaborator-with-read-on-secret-scope-could-delete-a/m-p/135567#M2641 <P>Hi Databricks team,</P><P>Quick heads-up and request for guidance. While collaborating on a notebook <STRONG>in my personal workspace</STRONG>, a colleague who had <STRONG>READ</STRONG> permission on a workspace-backed Secret Scope was able to <STRONG>delete a secret key</STRONG> via terminal/CLI from the shared notebook’s attached cluster.</P><P>I’m not sure if this is expected or a misconfiguration, but it felt like a privilege escalation tied to sharing from a personal workspace.</P><P><STRONG>What we saw (brief):</STRONG></P><UL><LI><P>Scope: workspace-backed, colleague explicitly <STRONG>READ</STRONG> only</P></LI><LI><P>Context: notebook shared from <STRONG>my personal workspace</STRONG></P></LI><LI><P>Action: databricks secrets delete --scope &lt;scope&gt; --key &lt;key&gt; by the colleague <STRONG>succeeded</STRONG></P></LI></UL><P><STRONG>Questions:</STRONG></P><OL><LI><P>Is this expected when sharing notebooks from personal workspaces, or is it a known issue?</P></LI><LI><P>Any recommended mitigations (e.g., use shared folders, disable cluster terminal, use Key Vault–backed scopes, ensure CLI uses the caller’s identity)?</P></LI></OL><P>Happy to share workspace/cluster IDs and timestamps privately if helpful. Thanks!</P> Tue, 21 Oct 2025 18:42:19 GMT https://community.databricks.com/t5/data-governance/heads-up-collaborator-with-read-on-secret-scope-could-delete-a/m-p/135567#M2641 guidotognini 2025-10-21T18:42:19Z https://community.databricks.com/t5/data-governance/heads-up-collaborator-with-read-on-secret-scope-could-delete-a/m-p/135576#M2642 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/169029">@guidotognini</a>&nbsp;-&nbsp;This is not expected behavior if your colleague truly has only READ and their CLI was using their own identity; deletion requires WRITE/MANAGE on the scope. The most probable explanation is that the CLI call was authenticated as an identity with elevated permissions (either via a misconfigured token/profile or a broader ACL than intended), rather than privilege escalation due to sharing from a personal workspace.</P> <P>Can you try the following and check the output? Your colleague should have only read permission, as you stated. It might happen that the group your colleague is in, has manage permission on the scope.</P> <LI-CODE lang="markup">databricks secrets get-acl &lt;scope&gt; &lt;principal&gt; or databricks secrets list-acls &lt;scope&gt;</LI-CODE> <P>&nbsp;</P> Tue, 21 Oct 2025 19:13:29 GMT https://community.databricks.com/t5/data-governance/heads-up-collaborator-with-read-on-secret-scope-could-delete-a/m-p/135576#M2642 dkushari 2025-10-21T19:13:29Z