Databricks Community

Charuvil · yesterday

Each Azure Databricks workspace has an associated Azure storage account in a managed resource group known as the workspace storage account. The workspace storage account includes workspace system data (job output, system settings, and logs), DBFS root, and in some cases a Unity Catalog workspace catalog.

We noticed that these storage accounts have Storage account key access as Enabled by default. This is raising security concerns within our team. Is there any way to disable the storage account key access? Is Databricks using this key for any kind of authentication purpose? As far as I know Databricks discourage the use of keys and recommends to use managed identities for authentication.

Raman_Unifeye · yesterday

@Charuvil - you've rightly observed.

Databricks uses the Storage Account Access Key to authenticate the connection between the Databricks Control Plane and the Data Plane and you cannot simple disable it.

will love to see the alternate solution from the community.

RG #Driving Business Outcomes with Data Intelligence

nayan_wylde · yesterday

Do not disable Storage account key access for the storage account backing the DBFS root. Disabling this setting leads to unexpected behaviors and errors. Moreover it is in Microsoft managed resource group. Any changes to it might require to raise a Microsoft support ticket. I have a recent experience. I wanted to calculate the size of one of the containers. I had to raise a Microsoft support ticket.