Hi @alm, in Databricks, you can manage service principals to handle automated tools, jobs, and applications. These service principals provide API-only access to Databricks resources, enhancing security compared to using regular users or groups.
Let’s dive into the details:
- What is a Service Principal?
  - A service principal is an identity created in Databricks specifically for use with automated tools, scripts, and applications.
  - It allows API-only access to Databricks resources.
  - Similar to regular users, you can grant and restrict a service principal’s access to resources.
  - Unlike regular users, a service principal cannot access the Databricks UI.
- Managing Service Principals:
  - Account Admins, Workspace Admins, or users with specific roles on a service principal can manage them.
  - Here are some actions you can take with service principals:
    - Assign Roles: Give a service principal account admin and workspace admin roles.
    - Data Access: Provide access to data at the account level using Unity Catalog or at the workspace level.
    - Group Membership: Add a service principal to groups (both at the account and workspace levels).
    - Job Execution: Users can run jobs as the service principal, ensuring job stability even if users leave the organization or groups are modified.
- Identity Federation (Recommended):
  - Databricks recommends enabling identity federation for your workspaces.
  - Identity federation simplifies administration and data governance.
  - It allows you to configure service principals in the account console and assign them access to specific workspaces.
Remember, if your account was created after November 8, 2023, identity federation is enabled by defa...1. So, managing service principals should be straightforward! 🚀