cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

Instance Profile Access Controls

100804
New Contributor II

I manage instance profiles assigned to specific user groups. For example, instance profile A provides access solely to group A. Currently, any user within group A has the ability to update the permissions of a cluster using instance profile A, which allows a user from outside group A to utilize the cluster and access instance profile A, contrary to the intended access restrictions on instance profile A.

Are there strategies to mitigate this risk and enhance security?

1 REPLY 1

100804
New Contributor II

 

Hi @Retired_mod,

Thank you for your guidance. I am following the strategies outlined in steps 1 and 2, and I remain concerned about a specific scenario.

Consider instance profile A, which is designed to grant access exclusively to group A. If user A, a member of group A, creates a cluster using instance profile A, they can modify the cluster's permissions, granting unauthorized access to user B, who is not part of group A.

I'd appreciate any additional insights or strategies to specifically address this risk. Thank you!

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group