Administration & Architecture

Using logged in user's identity in Databricks Apps

vishwas7
New Contributor II

Hi Databricks Community, I recently started using Databricks apps where I list some schemas and tables in the UI.

What I explicitly want to do is only show the schemas and tables on which the user actually has permission. Currently the Databricks app would use its own identity; moreover, in the headers I do receive the email and username but don't have any access token which might be used for user impersonation.

Do let me know if I could achieve it.

2 REPLIES

Walter_C
Databricks Employee

To display only the schemas and tables on which a user has permission in Databricks Apps, you need to manage permissions effectively. Here are the steps and considerations based on the provided context:

  1. Service Principal for Authorization:

    • When a Databricks app is created, a service principal is automatically assigned to the app. This service principal is used to authenticate and authorize access to resources within the workspace, such as SQL warehouses, model serving endpoints, or securable objects in Unity Catalog.
    • If the service principal requires access to additional resources (e.g., tables or workspace files), an account or workspace admin must grant the necessary permissions to the service principal. This follows the principle of least privilege, ensuring that the service principal only has the minimal permissions required.
  2. Managing Permissions:

    • To manage the app's permissions, you must have the CAN MANAGE or IS OWNER permission. On the app details page, you can configure permissions by selecting the user, group, or service principal and assigning the appropriate permissions.
    • Permissions can be managed through the Databricks Apps UI, where you can add or modify permissions for users, groups, or service principals.

vishwas7
New Contributor II

Hi @Walter_C, thanks for the quick reply. I understood the functioning of the above-stated Service Principal and Permission Management.

In my scenario, I have a schema 'S' with table T1 (user U1 - Read, user U2 - Read permission) and T2 (user U1 - Read permission). Now if I assign the Databricks app's service principal as owner on schema "S", it will let both user U1 and U2 access tables T1 and T2.

What I am searching for is a way to validate whether the user logged in to the Databricks app actually has access to the table or any other object before accessing it. Currently I can first get the permissions list for the table and check if the logged-in user's email ID is in the list. But I wanted to check if there is any better way.
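
The check described in the post above, written out as an added example (not code from the thread or from Databricks): the app reads the signed-in user's e-mail from the forwarded header, resolves the user's group memberships, and then checks the grants on the table and its parent catalog and schema before rendering it. The header name, the grant layout, the group memberships and all sample data are constructed assumptions; in a real app the grants and memberships would be fetched with the app's service principal.

```python
from typing import Dict, List, Set, Tuple

Grants = Dict[str, List[Tuple[str, List[str]]]]

# Constructed sample, shaped like a per-securable grants listing (principal, privileges).
# Catalog "main", schema "main.S", tables T1 (U1 and U2 may read) and T2 (only U1).
GRANTS: Grants = {
    "main":      [("u1@example.com", ["USE CATALOG"]), ("readers", ["USE CATALOG"])],
    "main.S":    [("u1@example.com", ["USE SCHEMA"]),  ("readers", ["USE SCHEMA"])],
    "main.S.T1": [("u1@example.com", ["SELECT"]),      ("readers", ["SELECT"])],
    "main.S.T2": [("u1@example.com", ["SELECT"])],
}
# Constructed group membership: a bare e-mail comparison would miss U2's access via "readers".
MEMBERSHIPS: Dict[str, Set[str]] = {"u2@example.com": {"readers"}}

# Reading a Unity Catalog table needs all three; each may be granted on the object itself
# or inherited from a parent (e.g. SELECT granted on the schema covers every table in it).
REQUIRED = {"USE CATALOG", "USE SCHEMA", "SELECT"}


def effective_privileges(full_name: str, user: str,
                         grants: Grants = GRANTS,
                         memberships: Dict[str, Set[str]] = MEMBERSHIPS) -> Set[str]:
    """Privileges the user, or any group they belong to, holds on the securable or on any
    of its ancestors. ALL PRIVILEGES is collapsed to the set this check cares about."""
    principals = {user} | memberships.get(user, set())
    parts = full_name.split(".")
    ancestors = [".".join(parts[:i]) for i in range(1, len(parts) + 1)]
    held: Set[str] = set()
    for securable in ancestors:
        for principal, privs in grants.get(securable, []):
            if principal in principals:
                held.update(REQUIRED if "ALL PRIVILEGES" in privs else privs)
    return held


def can_read_table(full_name: str, user: str) -> bool:
    return REQUIRED <= effective_privileges(full_name, user)


def visible_tables(user: str, tables: List[str]) -> List[str]:
    """Filter the list the app renders down to the tables this user may actually read."""
    return [t for t in tables if can_read_table(t, user)]


def user_from_headers(headers: Dict[str, str]) -> str:
    # Assumed header name: Databricks Apps forward the signed-in user's e-mail as
    # X-Forwarded-Email; take the identity from this proxy header, never from client input.
    return headers["X-Forwarded-Email"].strip().lower()
```

Because the query itself still runs under the app's service principal, this filter only decides what the UI shows; it does not replace the grants on the objects themselves.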
