Databricks Community

kaustubhgupta · ‎09-05-2023

We extensively use Databricks (DBX) for creating Tableau visuals. Whenever DBX data sources are published on our self hosted Tableau Server, we have to add the connection creds for the data source. These creds can be both personal email id-password or personal access (PA) token based password. On the other hand, a source like Google Sheets only requires one time user addition to the server settings.

Ask:

Do we have a way to add o-auth for DBX based connections?
If not o-auth, then can we somehow store the PA token in Tableau Server and use that for every new data source that gets added?

Use-case:

NLE employees can be safely offboarded without the fear of breaking any workflow
The PA can be refreshed periodically to maintain infosec

kaustubhgupta · ‎09-11-2023

Thanks for your response. While I understood most of it, I still have some doubts to clear. Therefore explaining it again.

Problem:

We want users to create data sources using Databricks via their personal credentials in the local env (tableau desktop) and as soon as the user publishes the data source on the server, the personal credentials should not be present. Instead, the credentials stored in Tableau server should be used automatically (we are preferring personal access token of the service account). This should make sure that the workflows do not break and the data source (if created in extract mode) are refreshing at the schedule set) even if a user access is removed from databricks

My Understanding:

As mentioned in the resolution, we need to use a service account. Does this service account ensure our concerns? How do we set up this account in such a manner that it does not prompt authentication for every new data source.

Any other possible solutions?

Do we have any other solution to the concerns raised?