03-06-2024 04:19 AM
Hi Community,
Is there a way to limit the scope of a workspace-level token to hit only certain REST APIs of Databricks?
In short, once we generate a workspace-level token following this doc. Link: https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html#manually-generate-a-workspace-level-acc...
I see we can generate token via:
curl --request POST \
  --url <token-endpoint-URL> \
  --user "$CLIENT_ID:$CLIENT_SECRET" \
  --data 'grant_type=client_credentials&scope=all-apis'
But here, scope=all-apis, which gives access to all APIs. Can I limit the APIs that the entity can access using the token, as part of ensuring better security?
03-07-2024 12:32 AM
Hi @Surajv, when working with Databricks, you can manage personal access tokens to control the scope of access to specific REST APIs.
Let’s explore how you can achieve this:
Personal Access Tokens Overview:
Enabling or Disabling Personal Access Tokens:
Fine-Grained Control:
Setting Maximum Token Lifetime (REST API Only):
PATCH /workspace-conf API and set maxTokenLifetimeDays to the desired maximum token lifetime (in days) as an integer.
Monitoring and Revoking Tokens (REST API Only):
Remember that managing personal access tokens is crucial for security, and Databricks provides tools and options to tailor token access according to your requirements. For detailed instructions, refer to the official Databricks documentation.
By following these practices, you can enhance security while allowing controlled access to specific REST APIs within your Databricks workspace. 🛡️🔒
03-11-2024 11:28 PM
Hi @Kaniz_Fatma,
Thanks for the response. Noted.
I have 1 doubt: Can I restrict the token access only to specific REST APIs? In other words, once I use the token and set up bearer-token-based auth and try accessing different REST APIs provided by Databricks, like, consider the 3 APIs below:
i) /api/2.1/unity-catalog/catalogs
ii) /api/2.0/preview/sql/queries
03-11-2024 11:28 PM - edited 03-11-2024 11:29 PM
<Replied to previous message as response to @Kaniz_Fatma's answer>