topic Re: Restrict access of user/entity to hitting only specific Databricks Rest APIs in Get Started Discussions

Restrict access of user/entity to hitting only specific Databricks Rest APIs

Surajv — Tue, 19 Mar 2024 10:23:41 GMT

Hi community,

Assume I generate a personal access token for an entity. Post generation, can I restrict the access of the entity to specific REST APIs? In other words, consider this example where once I use generate the token and setup a bearer token based auth and try accessing different REST APIs provided by Databricks like below 3 APIs:

i) /api/2.1/unity-catalog/catalogs
ii) /api/2.0/preview/sql/queries

iii) /api/2.0/sql/warehouses

Is it possible to only access APIs defined in (i) and (ii) and not give API access permission to (iii) to the entity?

Is there a way to enforce this?

Re: Restrict access of user/entity to hitting only specific Databricks Rest APIs

drag7ter2 — Mon, 14 Oct 2024 15:35:38 GMT

Did you get an answer how to restrict and if it is possible an access to api?

Re: Restrict access of user/entity to hitting only specific Databricks Rest APIs

Panda — Tue, 15 Oct 2024 12:31:41 GMT

@Surajv

You have to rely on access control settings on resources and entities (users or service principals or create some cluster policies), rather than directly restricting the API endpoints at the token level.

Note: API access based on fine-grained control of the token itself may be currently not supported OOB by Databricks.