cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Native service principal support in JDBC/ODBC drivers

Go to solution
harripy
New Contributor III

โ€Ž04-22-2024 11:41 PM

Read from Databricks integration best practises about the native support for Service Principal authentication on JDBC/ODBC drivers. The timetable mentioned for this was "expected to land in 2023", is this referring to the https://docs.databricks.com/en/integrations/jdbc/authentication.html#oauth-machine-to-machine-m2m-au... - section of the authentication documentation?
The example shows parameters:

String url = "jdbc:databricks://<server-hostname>:443";
Properties p = new java.util.Properties();
p.put("httpPath", "<http-path>");
p.put("AuthMech", "11");
p.put("Auth_Flow", "1");
p.put("OAuth2ClientId", "<service-principal-application-id>");
p.put("OAuth2Secret", "<service-principal-oauth-secret>");

So assumably this works with Databricks Service Principals (on AWS), but does this function also in Azure with EntraID Service Principals? (at least the Tenant ID should be somehow provided still)

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
daniel_sahal
Esteemed Contributor

โ€Ž04-22-2024 11:49 PM

@harripy 

As it says in the documentation, 

JDBC driver 2.6.36 and above supports Azure Databricks OAuth secrets for OAuth M2M or OAuth 2.0 client credentials authentication. Microsoft Entra ID secrets are not supported.

https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-...

View solution in original post

2 REPLIES 2

Go to solution
daniel_sahal
Esteemed Contributor

โ€Ž04-22-2024 11:49 PM

@harripy 

As it says in the documentation, 

JDBC driver 2.6.36 and above supports Azure Databricks OAuth secrets for OAuth M2M or OAuth 2.0 client credentials authentication. Microsoft Entra ID secrets are not supported.

https://learn.microsoft.com/en-us/azure/databricks/integrations/jdbc/authentication#--oauth-machine-...

Go to solution
harripy
New Contributor III
In response to daniel_sahal

โ€Ž04-23-2024 06:44 AM

Thanks for pointing this out, so indeed the OAuth M2M should be executed only with Databricks Service Principals.

Interestingly, I found out that on Azure Databricks SQL Warehouse Permissions can not be set (at least not through GUI) for a Databricks Service Principal (the SP can not be found on the Permissions menu), so this rules out this possibility to utilise this connection method as "Can Use/Can Manage" permissions can not be given for the Databricks SP. Or is there another way to provide this?

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements