cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Skepticism about U2M OAuth: Does Snowflake Federation Actually Switch User Identity per Query?

martkev
New Contributor

yesterday

Hi everyone,

I'm currently setting up Snowflake federation with Databricks using Microsoft Entra ID (U2M OAuth). However, I'm skeptical that the connection truly switches the user identity dynamically for each Databricks user (https://docs.databricks.com/aws/en/query-federation/snowflake-entra).

Since the connection requires a static Snowflake username during setup, it seems that all queries might still run under this single identity rather than the identity of the logged-in Databricks user.

Can someone confirm whether Snowflake federation actually propagates per-user identity at query time, or if the connection always uses the initially configured user?

Thanks!

Labels:
Preview file
64 KB
0 Kudos
1 REPLY 1

Raman_Unifeye
Contributor III

yesterday

In theory, the User-to-Machine (U2M) OAuth flow you are setting up with Microsoft Entra ID is designed to propagate the per-user identity dynamically at query time. I haven't set it up myself though.

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements