Databricks Community

100804 · ‎02-21-2024

I manage instance profiles assigned to specific user groups. For example, instance profile A provides access solely to group A. Currently, any user within group A has the ability to update the permissions of a cluster using instance profile A, which allows a user from outside group A to utilize the cluster and access instance profile A, contrary to the intended access restrictions on instance profile A.

Are there strategies to mitigate this risk and enhance security?

100804 · ‎02-22-2024

Hi @Retired_mod,

Thank you for your guidance. I am following the strategies outlined in steps 1 and 2, and I remain concerned about a specific scenario.

Consider instance profile A, which is designed to grant access exclusively to group A. If user A, a member of group A, creates a cluster using instance profile A, they can modify the cluster's permissions, granting unauthorized access to user B, who is not part of group A.

I'd appreciate any additional insights or strategies to specifically address this risk. Thank you!

Databricks Community

Instance Profile Access Controls

Connect with Databricks Users in Your Area

Introducing an exclusively Databricks-hosted Assistant

How to present and share your Notebook insights in AI/BI Dashboards

Meet the Databricks MVPs

Now Hiring: Databricks Community Technical Moderator

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs