Community Platform Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.

Automate run as workflow parameter to default to current user

ivvande
New Contributor II

I am trying to run a workflow within Databricks. I have 2 workflows, workflow one which always runs as the service principal, as all data gets accessed and wrangled within this workflow, and workflow 2 which always defaults to the last run account. In workflow 2 we expect users to set the 'run as' parameter to themselves, as there is a security check built into the workflow that only allows the user to see data they are authorized to see. 

The issue I am facing is that the run as parameter stays on the user who last made a change to the workflow. This creates the risk that another user can run the workflow with the previous user's account. 

Is there a way to set the run as parameter to always default to the current user?

 


 

 

4 REPLIES

Isi
New Contributor II

Hey,

I’d like to share my thoughts on this, as I believe the situation might be more complex than it seems, and I feel you might be using a workaround to address a problem that could be tackled differently.

If the core issue revolves around who can view specific data, you could leverage built-in catalog tools and permission settings to control data access at a more granular level. Instead of relying on the ‘run as’ parameter, you could implement access controls using catalog-level permissions, ensuring that users can only read the data they are authorized to see.

Additionally, if you need to generate results after data wrangling, a more scalable approach would be to create dynamic views, allowing only specific users (through groups) to have visibility over certain data. This can be achieved using a SQL view with conditional logic, such as:

 

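CREATE OR REPLACE VIEW filtered_data AS
SELECT
  * EXCEPT (sensitive_column),
  -- Only the listed users see the real value; everyone else gets NULL
  CASE
    WHEN current_user() IN ('user1', 'user2') THEN sensitive_column
    ELSE NULL
  END AS sensitive_column
FROM raw_data;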

 

 

Unlike manual adjustments in the workflow execution settings, which can introduce operational risks and dependencies on user actions, catalog-level permissions ensure consistent data governance and security across all workloads.

If you find this answer helpful, feel free to mark it as resolved or give it a 👍!

🙂

saurabh18cs
Valued Contributor II

Hi, how are you expecting to achieve this? Do you want users who are manually triggering this workflow to first update run_as to themselves, or do you want to make this happen programmatically?

ivvande
New Contributor II

Users will only trigger this workflow if they need to enquire if a specific change has happened, so it will always be triggered manually by different users

saurabh18cs
Valued Contributor II

I would say then you have to look for some sort of automation in front which will trigger this workflow and update run as to the current user. Otherwise users are asked to change it manually before every run, which is very tricky, right?

Look for a DevOps pipeline or, easier, a Python script to do this for your user.
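
The "Python script" route suggested in the last reply, sketched as an added example that is not part of any post in this thread: it sets the job's run as to the identity behind the caller's own token, re-reads the job, and triggers the run only if the setting really changed. It assumes `DATABRICKS_HOST` and `DATABRICKS_TOKEN` environment variables, a job id supplied by the caller, and that the caller is allowed to manage the job; `run_job_as_caller` and `databricks_call` are hypothetical names.

```python
import json
import os
import urllib.request


def databricks_call(method, path, body=None):
    """Default transport: Databricks REST API, authenticated as the caller."""
    req = urllib.request.Request(
        os.environ["DATABRICKS_HOST"].rstrip("/") + path,
        data=json.dumps(body).encode() if body is not None else None,
        method=method,
        headers={"Authorization": "Bearer " + os.environ["DATABRICKS_TOKEN"],
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"{}")


def run_job_as_caller(job_id, call=databricks_call):
    """Point run_as at the caller, verify it, then trigger the job."""
    # Identity comes from the token, never from a user-supplied name.
    me = call("GET", "/api/2.0/preview/scim/v2/Me")["userName"]

    # Partial update: only run_as is changed, other job settings are kept.
    call("POST", "/api/2.1/jobs/update",
         {"job_id": job_id, "new_settings": {"run_as": {"user_name": me}}})

    # Fail closed: re-read the job and refuse to run under someone else's
    # identity if the update was rejected or silently ignored.
    job = call("GET", f"/api/2.1/jobs/get?job_id={job_id}")
    if job.get("run_as_user_name") != me:
        raise PermissionError(
            f"job {job_id} still runs as {job.get('run_as_user_name')!r}")

    # run_as is a shared job setting, so two callers racing each other can
    # still overlap between the check above and this call.
    run = call("POST", "/api/2.1/jobs/run-now", {"job_id": job_id})
    return me, run["run_id"]
```

Because run as lives on the job rather than on the run, this narrows the window described in the question but does not replace the catalog-level permissions suggested in the first reply.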
