- 530 Views
- 4 replies
- 4 kudos
Best practices for 3-layer access control in Databricks
Identity and access management model for Databricks and want to implement a clear 3-layer authorization approach:Account level: Account RBAC roles (account admin, metastore admin, etc.)Workspace level: Workspace roles/entitlements + workspace ACLs (c...
- 530 Views
- 4 replies
- 4 kudos
- 4 kudos
Here is a high level RACI chart.CapabilityPlatform AdminsData Stewards (Domain)Data Engineers (Domain)Analysts/BISecurity/ComplianceAccount setup / workspacesR/ACIICMetastore / locations / credsR/ACIICCatalog/Schema design (per domain)IR/ACICGrants (...
- 4 kudos
- 4271 Views
- 2 replies
- 0 kudos
How do I get rid of the GKE cluster?
hi!In our organisation we use databricks but I do not understand why this GKE cluster keeps getting created. We deploy workspaces and compute clusters through terraform and use the GCE tag"x-databricks-nextgen-cluster" = "true"From my understanding, ...
- 4271 Views
- 2 replies
- 0 kudos
- 0 kudos
Hello @Louis_Frolio I would like to confirm my understanding regarding cost attribution for workloads running on Next-Gen / Serverless / Ephemeral Compute that are tagged withx-databricks-nextgen-cluster = "true".Is it correct that, in this case, the...
- 0 kudos
- 196 Views
- 1 replies
- 2 kudos
Best Practice for Sharing AI/BI Dashboards across Workspaces in the same Account
Hello everyone,I’m looking for the most efficient way to share dashboards between two workspaces (Workspace A and Workspace B) within the same Databricks account.[Current Setup]Account: Single account with two workspaces (A and B).Data Governance: Bo...
- 196 Views
- 1 replies
- 2 kudos
- 2 kudos
You don't need to move it from A to B. Just publish it so that all users in your Account can interact with it. (This would fulfill your Req #1 and#2) https://www.databricks.com/blog/sharing-aibi-dashboards [3] Discoverability is a slightly different ...
- 2 kudos
- 234 Views
- 3 replies
- 1 kudos
Resolved! Enabling External Lineage on a free or trial account?
Hi,as part of a small OSS project I am doing, dbt-unity-lineage, I need to enable Bring your own data lineage (Public Preview as of December 2025). But it seems you can't enable that Preview in either free edition or Trial?I'd rather not use my emplo...
- 234 Views
- 3 replies
- 1 kudos
- 1 kudos
@fgeriksen , if you are satisfied with the response please "Accept as Solution" so that others will be informed as well. Cheers, Louis.
- 1 kudos
- 182 Views
- 2 replies
- 0 kudos
Workspace Folder ACL design
How should the Databricks workspace folder architecture be designed to support cross-team collaboration, access governance, and scalability in an enterprise platform? Please suggest below or share some ideas from your experience ThanksNote: I'm new t...
- 182 Views
- 2 replies
- 0 kudos
- 0 kudos
Thanks for the detailed information, Iwill review and get back to you if any question meanwhile can you please on this query Databricks Workspace ACL Enforcement – How to Prevent Users from Creating Objects Outside Team Folder and Attaching to Shared...
- 0 kudos
- 948 Views
- 5 replies
- 3 kudos
Delta Sharing from Databricks to SAP BDC fails with invalid_client error
ContextWe are in the process of extracting data between SAP BDC Datasphere and Databricks (Brownfield Implementation).SAP Datasphere is hosted in AWS (eu10)Databricks is hosted in Azure (West Europe)The BDC Connect System is located in the same regio...
- 948 Views
- 5 replies
- 3 kudos
- 3 kudos
The error DELTA_SHARING_INVALID_RECIPIENT_AUTH refers to an invalid authorization specification when accessing Delta Sharing resources. This maps to SQLSTATE code 28000 ("invalid authorization specification") and typically occurs when the recipient's...
- 3 kudos
- 171 Views
- 0 replies
- 0 kudos
Automatic Identity Management
Hello,In the context of reviewing our company's databricks structure and migrating legacy workspaces to Unity Catalog enabled ones, we're stuck with a few questions regarding enabling the automatic identity management feature.We currently provision D...
- 171 Views
- 0 replies
- 0 kudos
- 187 Views
- 1 replies
- 1 kudos
NetSuite JDBC Driver 8.10.184.0 Suppor
Hello,I am currently attempting to integrate NetSuite with Databricks using the NetSuite JDBC driver version 8.10.184.0. When I attempt to ingestion information from NetSuite to Databricks, I find that the job fails with a checksum error and informs ...
- 187 Views
- 1 replies
- 1 kudos
- 1 kudos
RequirementsTo configure NetSuite for Databricks ingestion, you must have the following:A NetSuite account with a SuiteAnalytics JDBC drivers license.Access to the NetSuite2.com data source. The legacy netsuite.com data source is not supported.Admini...
- 1 kudos
- 367 Views
- 1 replies
- 1 kudos
Databricks certificate expired
Hello,I have a databricks workspace with sso authentication. the IDP is on azure.The client certificate expired and now, I can't log on to databricks to add the new one.How can I do? Any idea is welcomed.Thank you!!Best regards,daniela
- 367 Views
- 1 replies
- 1 kudos
- 1 kudos
This is an AWS Databricks workspace and your SSO is with EntraID? You'll need to create a Support Ticket and then Engineering can disable-SSO temporarily allowing you to login with user+OTP. The long term solution here is that you should: Set up Acco...
- 1 kudos
- 2278 Views
- 2 replies
- 2 kudos
Resolved! Databricks Apps - X-Forwarded-Access-Token not available
Hi all,I've recently been getting started with Databricks Apps, and have been trying to use on-behalf-of access. However, it seems that the X-Forwarded-Access-Token is not coming through in my app headers. I have lots of other X-Forwarded ones such a...
- 2278 Views
- 2 replies
- 2 kudos
- 2 kudos
Just to add from my experience, in case James’s solution doesn’t work for you: I tried fully stopping and restarting the app, but the user authentication page which asks for permission didn’t appear until I used incognito mode
- 2 kudos
- 2621 Views
- 3 replies
- 1 kudos
Reverse colors in dark mode
It seems that Databricks implements its dark mode by applying the invert filter so that all colors are reversed. This is problematic if one wants to create some sort of html widget or rich output since this filter is passed down to the result of disp...
- 2621 Views
- 3 replies
- 1 kudos
- 1 kudos
Also struggled with that issue. What I found is that there is a style applied onto the iframe: "filter: var(--invert-filter);" which applies this CSS: filter: invert(1) saturate(0.5).I couldn't find any elements within the iframe that I can use to de...
- 1 kudos
- 1201 Views
- 14 replies
- 2 kudos
Need Help - System tables that contains all databricks users, service principal details !!
Hi all - I am trying to create a dashabord where I need to list down all users and service principals along with groups and understand their databricks usages. Is there any table available in Databricks that contains user, service principal details. ...
- 1201 Views
- 14 replies
- 2 kudos
- 2 kudos
Hi, I can't find any reference to a user system table in our docs. Instead the recommended approach is to use the API to return users, groups and service principals. You can either run this using the Workspace Client if you only have worspace admin p...
- 2 kudos
- 322 Views
- 2 replies
- 0 kudos
Resolved! Databricks Genie - Space Creation Restriction
Hi,As Genie space can be created by anyone who has access to create by attaching a Delta Table and SQLWH. Is there a way to control or restrict space creation only by Admin Team group?We want no one apart Admins to create and manage spaces. Users sho...
- 322 Views
- 2 replies
- 0 kudos
- 0 kudos
Yes—lock space creation to your Admins by controlling entitlements and warehouse permissions. The ability to create a Genie space isn’t a separate toggle today; it’s implied by (a) the Databricks SQL workspace entitlement and (b) CAN USE on at least ...
- 0 kudos
- 310 Views
- 2 replies
- 2 kudos
Resolved! The Lakeflow connect Gateway setup, do we need to install the agent on-prem?
The Lakeflow connect Gateway setup to connect on-prem SQL serverPlease provide the steps the setup the gateway agent on the on-prem? Where to download this agent? What are the firewall rules for outbound looks like. Kind regards,Asha
- 310 Views
- 2 replies
- 2 kudos
- 2 kudos
Hi @Ashash12 ,You need to have proper network connectivity to your on premise SQL Server. As they stated in the docs - connector supports SQL Server on-premises using Azure ExpressRoute and AWS Direct Connect networkinghttps://docs.databricks.com/aws...
- 2 kudos
- 538 Views
- 2 replies
- 1 kudos
Resolved! Queries Hanging Indefinitely
I spun up a databricks environment on AWS via the AWS marketplace.All the required infrastructure such as S3, VPC, Subnets are automatically created during the processOnce I get the Databricks environment up and running - I created a cluster. I attac...
- 538 Views
- 2 replies
- 1 kudos
- 1 kudos
Hi, I believe this is happening as you haven't got the right ports open to connect between your classic compute and the UC Metatstore. When you try to select 1 it works as it doesn't need to talk to the metastore but when you do show catalogs it is t...
- 1 kudos
