
How to change the audit log delivery Service Account?

Siddu07
New Contributor II

Hi Team,

I'm trying to set up Audit log delivery based on the documentation "https://docs.gcp.databricks.com/administration-guide/account-settings-gcp/log-delivery.html". As per the document, I've created a multi-region storage bucket; however, I'm not able to add the "log-delivery@databricks-prod-master.iam.gserviceaccount.com" service account as storage admin, as identities were restricted based on domain name in our GCP environment.

So is there a way to overcome this and set up Audit log delivery, or to change the Databricks audit log delivery service account?

3 REPLIES

Anonymous
Not applicable

@abu bakar siddik

If you are unable to add the "log-delivery@databricks-prod-master.iam.gserviceaccount.com" service account as a storage admin due to domain name restrictions in your GCP environment, there are a few options you can consider:

  1. Contact your GCP administrator to see if they can add an exception to the domain name restriction to allow the service account to be added as a storage admin.
  2. Create a new GCP service account with a domain name that is allowed in your environment, and grant the necessary permissions to this new service account to access the storage bucket. You can then update the Databricks log delivery configuration to use this new service account.
  3. Change the Databricks audit log delivery service account by following the steps outlined in the Databricks documentation here: https://docs.databricks.com/administration-guide/account-settings-gcp/log-delivery.html#change-the-a.... This involves creating a new service account and updating the Databricks log delivery configuration to use the new service account.

Note that changing the audit log delivery service account may impact any existing logs or permissions that are associated with the previous service account. It's important to carefully consider the implications of this change before proceeding.

Siddu07
New Contributor II

@Suteja Kanuri

Thanks for your response. I did check with my cloud team; due to security constraints they are not allowing this service account, and I'm following up with upper management to get an exception for this.

However, I would like to go with another approach to change the log delivery service account. The link you have provided is throwing a 404 error for me. Could you please check and share the right URL?

Priyag1
Honored Contributor II

Documentation helps in many tasks
