Databricks Community

Surajv · ‎03-19-2024

Hi community,

Assume I generate a personal access token for an entity. Post generation, can I restrict the access of the entity to specific REST APIs? In other words, consider this example where once I use generate the token and setup a bearer token based auth and try accessing different REST APIs provided by Databricks like below 3 APIs:

i) /api/2.1/unity-catalog/catalogs
ii) /api/2.0/preview/sql/queries

iii) /api/2.0/sql/warehouses

Is it possible to only access APIs defined in (i) and (ii) and not give API access permission to (iii) to the entity?

Is there a way to enforce this?

drag7ter2 · ‎10-14-2024

Did you get an answer how to restrict and if it is possible an access to api?

Panda · ‎10-15-2024

@Surajv

You have to rely on access control settings on resources and entities (users or service principals or create some cluster policies), rather than directly restricting the API endpoints at the token level.

Note: API access based on fine-grained control of the token itself may be currently not supported OOB by Databricks.

Databricks Community

Restrict access of user/entity to hitting only specific Databricks Rest APIs

Connect with Databricks Users in Your Area

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs

Data + AI Summit: Call for Presentations

Season's Speedings: Databricks SQL Delivers 4x Performance Boost Over Two Years

Now Hiring: Databricks Community Technical Moderator

Become Our Next Monthly Community Champion!