- 872 Views
- 5 replies
- 4 kudos
Best practices for 3-layer access control in Databricks
Identity and access management model for Databricks and want to implement a clear 3-layer authorization approach:Account level: Account RBAC roles (account admin, metastore admin, etc.)Workspace level: Workspace roles/entitlements + workspace ACLs (c...
- 872 Views
- 5 replies
- 4 kudos
- 4 kudos
Hi @APJESK, Your 3-layer model (Account RBAC, Workspace ACLs, Unity Catalog privileges) is the right framework. I want to address both the overall design and the specific follow-up you posted about the Home folder and compute behavior, since those ar...
- 4 kudos
- 381 Views
- 4 replies
- 2 kudos
Resolved! How to delete and "Account Level" Storage Credential ? (... I think)
This is not a production platform, but I'd like to know the answer. I suspect I have done something stupid.Using Account APIs, I created a Storage Credential.Q1: I cannot see this in a workspace, and I do not know how to see it in the account console...
- 381 Views
- 4 replies
- 2 kudos
- 2 kudos
Hi @ThePussCat, You’re not missing anything. This is mostly about where UC is surfaced, not about who controls it. Unity Catalog objects (including storage credentials and their workspace bindings) are metastore‑scoped, and the metastore is attached ...
- 2 kudos
- 212 Views
- 2 replies
- 0 kudos
Azure DevOps Release (CD) pipeline - Databricks tasks no longer available
Hello and happy new year everyone.We've noticed that our Azure DevOps Release (CD) pipelines have got all of their Databricks tasks uninstalled, and we cannot find them in the marketplace anymore. The author for both is Microsoft DevLabsWe mainly rel...
- 212 Views
- 2 replies
- 0 kudos
- 0 kudos
Hi @BigAlThePal,As @szymon_dybczak mentioned, the "DevOps for Azure Databricks" extension by Microsoft DevLabs (which provided the "Configure Databricks CLI" and "Deploy Notebooks to Workspace" tasks) was deprecated and has since been removed from th...
- 0 kudos
- 1249 Views
- 2 replies
- 0 kudos
GitHub Actions OIDC with Databricks: wildcard subject for pull_request workflows
Hi,I’m configuring GitHub Actions OIDC authentication with Databricks following the official documentation:https://docs.databricks.com/aws/en/dev-tools/auth/provider-githubWhen running a GitHub Actions workflow triggered by pull_request, authenticati...
- 1249 Views
- 2 replies
- 0 kudos
- 0 kudos
Hi @Valerio,The challenge you are running into is a common one when setting up OIDC federation for pull_request-triggered workflows. Here is a breakdown of the issue and several approaches to solve it.UNDERSTANDING THE SUBJECT CLAIM FOR PULL REQUESTS...
- 0 kudos
- 462 Views
- 7 replies
- 0 kudos
No workspace in Free Edition
Hi, I have been using free edition from some time using my this mail id. But from last 3-4 days I can’t see any workspace. when ever I am logging in I am getting two accounts name and In no workspace is available. When I tried creating another accoun...
- 462 Views
- 7 replies
- 0 kudos
- 0 kudos
 when I logging I am getting above page. where no workspace space and no way to create a new one
- 0 kudos
- 161 Views
- 2 replies
- 2 kudos
User Management tab not showing
Hi,I created the workspace with my contributor role from the Azure portal. However, while logged in, I cannot find the User Management tab. I am trying to set up Unity Catalog for user administration.How can I access this?Thanks
- 161 Views
- 2 replies
- 2 kudos
- 2 kudos
Hi @ZafarJ, This is a common point of confusion when getting started with Azure Databricks, and the answer depends on which level of user management you need. WORKSPACE-LEVEL USER MANAGEMENT As a workspace admin, you can manage users directly in your...
- 2 kudos
- 623 Views
- 6 replies
- 0 kudos
How to restrict Databricks Apps and Vector Search endpoint creation for workspace users
I am looking to restrict all workspace users' access to create Databricks Apps and Vector Search endpoints.I am aware there is no simple toggle, what is the best way to implement it?
- 623 Views
- 6 replies
- 0 kudos
- 0 kudos
Hi @Raman_Unifeye, You are correct that there is no single toggle to block creation of these resources today. Here is a breakdown of the proactive and detective controls available for each. VECTOR SEARCH ENDPOINTS Vector Search endpoints use access c...
- 0 kudos
- 246 Views
- 3 replies
- 1 kudos
Identifying workload in azure and AWS
we are looking for some python codes that can helps us, we need to have an overview of all Databricks workspaces, their owner names, and mainly the runtime versions that they use, in every Azure and AWS subscriptions that we manage. Can someone pleas...
- 246 Views
- 3 replies
- 1 kudos
- 1 kudos
Hi @Saurabh_kanoje, There are two complementary approaches to get an overview of all your Databricks workspaces, their owners, and the runtime versions in use across Azure and AWS. I will walk through both. APPROACH 1: SYSTEM TABLES (RECOMMENDED, NO ...
- 1 kudos
- 170 Views
- 2 replies
- 0 kudos
Databricks Workspace ACL Enforcement
Databricks Workspace ACL Enforcement – How to Prevent Users from Creating Objects Outside Team Folder and Attaching to Shared Clusters?BackgroundI am configuring workspace-level access control in Databricks to restrict Data Engineers (DE group) to op...
- 170 Views
- 2 replies
- 0 kudos
- 0 kudos
Hi @APJESK, The two behaviors you are observing are both by design in how Databricks workspace ACLs work. Let me walk through each one and then cover what you can do to tighten governance. ISSUE 1: USERS CAN CREATE NOTEBOOKS IN THEIR HOME FOLDER Ever...
- 0 kudos
- 485 Views
- 2 replies
- 2 kudos
Best Practice for Sharing AI/BI Dashboards across Workspaces in the same Account
Hello everyone,I’m looking for the most efficient way to share dashboards between two workspaces (Workspace A and Workspace B) within the same Databricks account.[Current Setup]Account: Single account with two workspaces (A and B).Data Governance: Bo...
- 485 Views
- 2 replies
- 2 kudos
- 2 kudos
Hi @Seunghyun, This is a common architecture question, and there are several approaches depending on your requirements around freshness, governance, and operational overhead. Let me address each of your questions directly and then recommend an overal...
- 2 kudos
- 407 Views
- 3 replies
- 1 kudos
Installing libraries on job clusters using tasks dependencies is not reliable in case of repairs
Hello,Following the suggestion on this thread, for job clusters we install the libraries only on the first task of the workflow, which are then made available to the subsequent tasks.However, this method is not reliable in the case of run repairs: th...
- 407 Views
- 3 replies
- 1 kudos
- 1 kudos
Hi @aliz, This is a common pattern to run into when using a dedicated "setup" task for library installation on shared job clusters. The core issue is that repair runs provision a fresh job cluster and only re-execute the failed (or selected) tasks, s...
- 1 kudos
- 233 Views
- 1 replies
- 0 kudos
Automatic Identity Management
Hello,In the context of reviewing our company's databricks structure and migrating legacy workspaces to Unity Catalog enabled ones, we're stuck with a few questions regarding enabling the automatic identity management feature.We currently provision D...
- 233 Views
- 1 replies
- 0 kudos
- 0 kudos
Hi @andrefilipemm, These are important questions when planning a migration to identity federation and Unity Catalog. Let me address each one. BACKGROUND: HOW IDENTITY FEDERATION WORKS When you enable identity federation on a workspace, identity manag...
- 0 kudos
- 343 Views
- 2 replies
- 1 kudos
Implement & Test DR Plan in AWS databricks
Can you share detailed steps or document for DR setup.Example Consider Workspace A running in us-east-1, and planning to setup DR on us-west-2So what are the steps and Task I need to create on AWS us-west-2.Please share in detail steps that required ...
- 343 Views
- 2 replies
- 1 kudos
- 1 kudos
@APJESK I have seen this pattern before. disaster recovery planning for Databricks on AWS is a critical topic and one that Databricks has solid documentation and tooling around. Let me walk you through a comprehensive approach to implementing and tes...
- 1 kudos
- 500 Views
- 7 replies
- 3 kudos
Non-admin users hit browser error opening Jobs → [Job] → Tasks tab (admins OK)
Hi Databricks Community,We’re seeing what appears to be a Jobs UI bug affecting non-admin users only.SummaryWhen a non-admin user opens a job and clicks the Tasks tab, the UI fails and shows an error modal. Admin users can access the same job’s Tasks...
- 500 Views
- 7 replies
- 3 kudos
- 3 kudos
Hi @bdocken, Great that the product team will be looking at your workspace directly -- that is the fastest path to a definitive fix for the redirect loop and React error #185 you are seeing. While you wait for that investigation to complete, here are...
- 3 kudos
- 388 Views
- 4 replies
- 0 kudos
Unable to add users to Azure AD–synced Databricks group via SCIM (InternalError)
Hi everyone,I’m trying to add users to an existing Databricks group programmatically using the Databricks SDK (SCIM PATCH), but I consistently hit an internal error and can’t tell if this is expected behavior or a limitation.My main goal is adding us...
- 388 Views
- 4 replies
- 0 kudos
- 0 kudos
Hi @discuss_darende, @KartikBhatnagar is on the right track in the replies above. Let me expand on this with the full picture. The "InternalError" you are seeing when trying to add users to an Azure AD-synced group via SCIM is expected behavior. Grou...
- 0 kudos
