cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Get Started Discussions
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Number of tokens generated for a service principal

Surajv
New Contributor III

a month ago

Hi community, 

Is there any API or option to view all PAT tokens generated by a Databricks service principal?

0 Kudos
1 REPLY 1

Kaniz
Community Manager
Community Manager

a month ago

Hi @SurajvWhen working with Databricks service principals, you can manage and view personal access tokens (PATs) associated with them.

Hereโ€™s how you can achieve this:

  1. What is a Service Principal?

    • A service principal is an identity created in Databricks specifically for use with automated tools, jobs, and applications.
    • It provides API-only access to Databricks resources, enhancing security compared to using regular users or groups.
    • You can grant and restrict a service principalโ€™s access to resources just like you would for a Databricks user.

  2. Managing Service Principals:

    • To manage service principals in Databricks, you need one of the following roles:
      • Account Admin: Can add service principals to the account and assign them admin roles.
      • Workspace Admin: Can add service principals to a Databricks workspace, assign them the workspace admin role, and manage access.
      • Service Principal Manager: Can manage roles on a service principal.

  3. Viewing PAT Tokens for a Service Principal:

    • To view PAT tokens generated for a Databricks service principal, follow these steps:
      • Click the name of the Databricks service principal to open its settings page.
      • On the Configurations tab, note the Application Id value.
      • Use the Databricks CLI to run the following command, which generates the access token for the Databricks service principal: 
        databricks tokens create --scope <scope> --comment <comment> --lifetime <lifetime>
      • Replace <scope>, <comment>, and <lifetime> with appropriate values.

  4. Identity Federation (Recommended):

    • Databricks recommends enabling your workspaces for identity federation.
    • Identity federation simplifies administration and data governance by allowing you to configure service principals in the account console and assign them access to specific workspaces.
    • Note that if your account was created after November 8, 2023, identity federation is enabled on all new workspaces by default and cannot be disabled.

Remember, service principals are API-only identities and cannot be used to access the Databricks UI. If you have any further questions or need assistance, feel free to ask! ๐Ÿš€๐Ÿ”‘

For more details, refer to the official Databricks documentation1.

 
0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.