-
What is a Service Principal?
- A service principal is an identity created in Databricks specifically for use with automated tools, jobs, and applications.
- It provides API-only access to Databricks resources, enhancing security compared to using regular users or groups.
- You can grant and restrict a service principalโs access to resources just like you would for a Databricks user.
-
Managing Service Principals:
- To manage service principals in Databricks, you need one of the following roles:
- Account Admin: Can add service principals to the account and assign them admin roles.
- Workspace Admin: Can add service principals to a Databricks workspace, assign them the workspace admin role, and manage access.
- Service Principal Manager: Can manage roles on a service principal.
-
Viewing PAT Tokens for a Service Principal:
- To view PAT tokens generated for a Databricks service principal, follow these steps:
-
Identity Federation (Recommended):
- Databricks recommends enabling your workspaces for identity federation.
- Identity federation simplifies administration and data governance by allowing you to configure service principals in the account console and assign them access to specific workspaces.
- Note that if your account was created after November 8, 2023, identity federation is enabled on all new workspaces by default and cannot be disabled.
Remember, service principals are API-only identities and cannot be used to access the Databricks UI. If you have any further questions or need assistance, feel free to ask! ๐๐
For more details, refer to the official Databricks documentation1.