Hi @Priyam1, As an administrator, you can manage personal access tokens (PATs) in your Databricks workspace. These tokens allow users to authenticate to the Databricks REST API.
Letโs explore how you can handle PATs and monitor external applications connected via these tokens:
Overview of Personal Access Token Management:
- PATs are enabled by default for Databricks workspaces created in 2018 or later.
- Users with the appropriate permissions can generate PATs with any expiration date, including indefinite lifetimes.
- By default, non-admin users cannot create or use PATs.
- As an admin, you control PATs, including enabling/disabling them, monitoring, and setting maximum lifetimes.
Enable or Disable Personal Access Token Authentication:
- PAT authentication is enabled by default for workspaces created in 2018 or later.
- You can change this setting in the workspace settings page.
- When disabled, users and service principals cannot create new tokens, but existing non-expired tokens remain available.
- Note that some features like Partner Connect and service principals require PATs to be enabled.
Fine-Grained Permissions:
- To restrict token access for specific users, keep PAT authentication enabled and set fine-grained permissions for users and groups.
- Control who can create and use tokens based on your requirements.
Monitoring and Revoking Tokens (REST API only):
- You can monitor and revoke tokens using the REST API.
- This allows you to manage token usage effectively.
Service Principals and Automation:
- For automation calls, consider using service principals.
- Create a service principal, add it to the corresponding group with data access, permit it to use PATs, and generate a token.
- Service principals are helpful for external API integrations.
Remember that managing personal access tokens requires the Premium plan or above. For comprehensive guidance, refer to the official Databricks documentation for further details or assistance. ๐
