<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>All board posts in Lakebase Hub</title>
    <link>https://community.databricks.com/t5/lakebase-hub/ct-p/LakebasePostgres</link>
    <description>All board posts in Lakebase Hub</description>
    <pubDate>Sat, 18 Jul 2026 22:31:47 GMT</pubDate>
    <dc:creator>LakebasePostgres</dc:creator>
    <dc:date>2026-07-18T22:31:47Z</dc:date>
    <item>
      <title>Re: Why We Moved Our Operational Database Into Databricks — And Stopped Managing Two Stacks</title>
      <link>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/163073#M73</link>
      <description>&lt;P&gt;Great article Naveen! Thanks for putting your finger on where the actual work is in migrating to Lakebase and what teams need to think about.&lt;/P&gt;</description>
      <pubDate>Wed, 15 Jul 2026 10:22:34 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/163073#M73</guid>
      <dc:creator>XavierArmitage</dc:creator>
      <dc:date>2026-07-15T10:22:34Z</dc:date>
    </item>
    <item>
      <title>Announcement | From monolith to Lakebase to LTAP: rethinking the database from storage up</title>
      <link>https://community.databricks.com/t5/lakebase-articles/announcement-from-monolith-to-lakebase-to-ltap-rethinking-the/m-p/162942#M72</link>
      <description>&lt;P&gt;&lt;SPAN&gt;Databricks has shared a deeper look at how &lt;/SPAN&gt;&lt;STRONG&gt;Lakebase&lt;/STRONG&gt;&lt;SPAN&gt; rethinks database architecture by separating Postgres compute from storage, and how that design leads to &lt;/SPAN&gt;&lt;STRONG&gt;LTAP&lt;/STRONG&gt;&lt;SPAN&gt;, a model where transactions and analytics can run on the same underlying data without traditional ETL pipelines or separate copies.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;FONT size="4"&gt;&lt;STRONG&gt;What’s new&lt;/STRONG&gt;&lt;/FONT&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI style="font-weight: 400;" aria-level="1"&gt;&lt;STRONG&gt;Why traditional databases hit limits&lt;/STRONG&gt;&lt;SPAN&gt;: Databricks argues that many database pain points trace back to a monolithic design where the write-ahead log and data files live on one machine, making durability, scaling, replicas, and workload isolation harder than they need to be.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI style="font-weight: 400;" aria-level="1"&gt;&lt;STRONG&gt;Lakebase separates compute from storage&lt;/STRONG&gt;&lt;SPAN&gt;: In Lakebase, Postgres compute becomes stateless while storage is externalized, with data living in low-cost cloud object storage and compute scaling independently on top.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI style="font-weight: 400;" aria-level="1"&gt;&lt;STRONG&gt;That architecture unlocks practical benefits&lt;/STRONG&gt;&lt;SPAN&gt;: Databricks highlights elastic serverless compute, durable storage, instant branching and cloning, and a more flexible operating model for transactional workloads.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI style="font-weight: 400;" aria-level="1"&gt;&lt;STRONG&gt;Lakebase also improves the path to LTAP&lt;/STRONG&gt;&lt;SPAN&gt;: Databricks says LTAP unifies transactional and analytical processing at the storage layer, so operational and analytical workloads can work from a single governed copy of data in the lake instead of relying on ETL, replicas, or hidden sync pipelines.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI style="font-weight: 400;" aria-level="1"&gt;&lt;STRONG&gt;Storage-layer unification is the key idea&lt;/STRONG&gt;&lt;SPAN&gt;: Rather than forcing one engine to do everything, Databricks keeps Postgres for transactions and lakehouse engines for analytics, while making the data underneath shared, current, and governed through Unity Catalog.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN&gt;Databricks also points to performance work already happening in Lakebase itself. In one architecture update, the company said Lakebase can deliver up to &lt;/SPAN&gt;&lt;STRONG&gt;5x faster Postgres writes&lt;/STRONG&gt;&lt;SPAN&gt; by pushing certain recovery-related work into its distributed storage layer instead of leaving it on the compute node.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p8i6j01 paragraph"&gt;&lt;A style="background-color: #ff3621; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px; font-weight: bold; display: inline-block;" href="https://www.databricks.com/blog/lakebase-ltap-rethinking-database-storage" target="_blank" rel="noopener"&gt; &lt;span class="lia-unicode-emoji" title=":backhand_index_pointing_right:"&gt;👉&lt;/span&gt; Read the full post here &lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 14 Jul 2026 12:32:44 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/announcement-from-monolith-to-lakebase-to-ltap-rethinking-the/m-p/162942#M72</guid>
      <dc:creator>Tushar_Parekar</dc:creator>
      <dc:date>2026-07-14T12:32:44Z</dc:date>
    </item>
    <item>
      <title>Re: HealthCare Prior Authorizations with Databricks Lakebase Vector Search</title>
      <link>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/160860#M69</link>
      <description>&lt;P&gt;Hi Venkat, Sent you a message. I highly recommend checking out the&amp;nbsp;Lake base &lt;A style="font-family: inherit; background-color: #ffffff;" href="https://community.databricks.com/t5/lakebase-articles/fortifying-enterprise-healthcare-databricks-lakebase-with-the/td-p/160552" target="_self"&gt;Security Triad framework&lt;/A&gt; since you are leveraging it in the product.&lt;/P&gt;</description>
      <pubDate>Mon, 29 Jun 2026 13:51:25 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/160860#M69</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-29T13:51:25Z</dc:date>
    </item>
    <item>
      <title>Re: HealthCare Prior Authorizations with Databricks Lakebase Vector Search</title>
      <link>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/160697#M68</link>
      <description>&lt;P&gt;Hi Balaji - can we connect ? I have shared my email below.&amp;nbsp; I want to learn more about the prior authorization workflow with Lakebase.&lt;/P&gt;</description>
      <pubDate>Fri, 26 Jun 2026 19:14:57 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/160697#M68</guid>
      <dc:creator>venkat-raghavan</dc:creator>
      <dc:date>2026-06-26T19:14:57Z</dc:date>
    </item>
    <item>
      <title>Re: How to prevent users from creating Lakebase compute?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/160678#M114</link>
      <description>&lt;P&gt;Thank you very much for also looking into this.&lt;/P&gt;&lt;P&gt;I've submitted this as feedback via the new Lakebase Postgres web-ui. It doesn't look like I can link to that submitted feedback here. Let's hope for the best.&lt;/P&gt;</description>
      <pubDate>Fri, 26 Jun 2026 14:02:43 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/160678#M114</guid>
      <dc:creator>charl-p-botha</dc:creator>
      <dc:date>2026-06-26T14:02:43Z</dc:date>
    </item>
    <item>
      <title>Fortifying Enterprise Healthcare Databricks Lakebase with the Security Triad</title>
      <link>https://community.databricks.com/t5/lakebase-articles/fortifying-enterprise-healthcare-databricks-lakebase-with-the/m-p/160552#M67</link>
      <description>&lt;P&gt;&lt;SPAN class=""&gt;Modern Enterprise Healthcare Lake bases have fundamentally transformed care data operations by seamlessly unifying high concurrency transactional workloads such as electronic records (EMR) syncing, streaming care vitals and persistent memory for generative AI care agents directly into a single, fast &amp;amp; governed platform. However, unlocking the power of this unified transactional agentic engine requires clearing the industry's most daunting operational hurdle - the corporate InfoSec reviews. Care organizations handling highly sensitive Protected Health Information (PHI) under strict certification boundaries are required to maintain absolute audit readiness without suffocating engineering velocity. It requires a comprehensive approach to modern serverless security. This operational balance is achieved by establishing a robust &lt;STRONG&gt;Security Triad -&amp;nbsp;a cohesive framework &lt;/STRONG&gt;combining&amp;nbsp;&lt;STRONG&gt;Protected Branches, Customer-Managed Keys (CMK) and Private Link &lt;/STRONG&gt;to comprehensively&amp;nbsp;&lt;STRONG&gt;secure care data &lt;/STRONG&gt;at the various platform tiers&lt;STRONG&gt;.&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Protected Branches&lt;/STRONG&gt;&lt;/U&gt; -&amp;nbsp;&lt;/P&gt;&lt;P&gt;The first pillar of the triad - &lt;STRONG&gt;Protected Branches&amp;nbsp;&lt;/STRONG&gt;act as a critical safety mechanism for healthcare vitals teams by preventing accidental &lt;STRONG&gt;deletion&lt;/STRONG&gt; or &lt;STRONG&gt;modification&lt;/STRONG&gt; of production database environments. Branching enables teams to create ephemeral test branches for schema &lt;STRONG&gt;migrations&lt;/STRONG&gt; or query &lt;STRONG&gt;optimization&lt;/STRONG&gt; while keeping production data immutable. Care Teams can safely experiment with new data models such as adding real-time streaming vitals from monitors or refactoring historical care records on branches without risking the production environments&lt;STRONG&gt;.&amp;nbsp;&lt;/STRONG&gt;Protected Branches unlocks structural platform benefits as Databricks prioritizes data within it directly inside the Lakebase &lt;STRONG&gt;storage cache&lt;/STRONG&gt; allowing the&amp;nbsp;production workloads inherit &lt;STRONG&gt;optimized, sub-second&lt;/STRONG&gt; query latencies by default.&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Customer Managed Keys&lt;/STRONG&gt;&lt;/U&gt;&amp;nbsp;-&lt;/P&gt;&lt;P&gt;CMK&amp;nbsp;provide healthcare vitals teams with complete &lt;STRONG&gt;data sovereignty&lt;/STRONG&gt; and &lt;STRONG&gt;encryption control&lt;/STRONG&gt;&amp;nbsp;essential for meeting stringent regulatory &lt;STRONG&gt;compliance&lt;/STRONG&gt; requirements. Organizations can own and manage their &lt;STRONG&gt;encryption keys&lt;/STRONG&gt; through their cloud &lt;STRONG&gt;Key Management Service&lt;/STRONG&gt; (AWS KMS or Azure Key Vault). It ensures that sensitive care vitals data from telemetry to monitoring records remain encrypted at rest with keys under the care organization's direct control. The critical advantage is the ability to instantly &lt;STRONG&gt;revoke&lt;/STRONG&gt; access&amp;nbsp;- if an incident occurs or a compliance audit demands immediate validation revoking the key &lt;STRONG&gt;instantly&lt;/STRONG&gt; makes all Lakebase projects data &lt;STRONG&gt;inaccessible/unavailable&lt;/STRONG&gt; (key is&amp;nbsp;revoked, deleted or its permissions are changed) providing a &lt;STRONG&gt;direct switch&lt;/STRONG&gt; that meets data breach response protocols and gives security teams definitive proof of data inaccessibility for regulatory reporting.&amp;nbsp;CMK operates at the workspace level allowing a workspace admin to configure CMK once through the &lt;STRONG&gt;Managed services&lt;/STRONG&gt; encryption configuration and its applicable to &lt;STRONG&gt;all&lt;/STRONG&gt; newly created Lakebase &lt;STRONG&gt;Autoscaling projects&lt;/STRONG&gt;. All projects automatically &lt;STRONG&gt;inherit&lt;/STRONG&gt; customer-managed encryption without requiring individual setup by various teams.&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;U&gt;&lt;STRONG&gt;Private Link&lt;/STRONG&gt;&lt;/U&gt;&lt;STRONG&gt; -&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Care organizations face significant &lt;STRONG&gt;compliance&lt;/STRONG&gt; risk when care data flows over &lt;STRONG&gt;public networks&lt;/STRONG&gt; even if &lt;STRONG&gt;encrypted&lt;/STRONG&gt;.&amp;nbsp;Private Link &lt;STRONG&gt;eliminates&lt;/STRONG&gt; the attack surface entirely by creating &lt;STRONG&gt;private connections&lt;/STRONG&gt; between applications and Lakebase databases&amp;nbsp;addressing core &lt;STRONG&gt;security&lt;/STRONG&gt; requirements and reducing &lt;STRONG&gt;regulatory audit&lt;/STRONG&gt; exposure.&amp;nbsp;Lakebase Autoscaling &lt;STRONG&gt;routes&lt;/STRONG&gt; traffic through two endpoints -&amp;nbsp;&lt;STRONG&gt;standard&amp;nbsp;Inbound&lt;/STRONG&gt; Private Link&amp;nbsp;for REST API and workspace operations and&amp;nbsp;&lt;STRONG&gt;Inbound&lt;/STRONG&gt; Private Link for &lt;STRONG&gt;performance intensive&lt;/STRONG&gt; services&amp;nbsp;for Postgres client connections.&amp;nbsp;The dual endpoint architecture allows for granular control.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Care Security Triad Matrix&lt;/STRONG&gt;&lt;/U&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;TABLE border="1" width="100.04060089321965%"&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD width="33.37393422655298%"&gt;&lt;STRONG&gt;Security Pillar&lt;/STRONG&gt;&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;&lt;STRONG&gt;Core Theme&lt;/STRONG&gt;&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;&lt;STRONG&gt;Nuance&lt;/STRONG&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="33.37393422655298%"&gt;&lt;STRONG&gt;Protected Branches&lt;/STRONG&gt;&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;Prevents production care data corruption &amp;amp; isolates developer test and compliance loops via Branching&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;&lt;STRONG&gt;Cache Prioritization -&amp;nbsp;&lt;/STRONG&gt;Data on protected branches gets storage cache priority for sub second query speeds&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="33.37393422655298%"&gt;&lt;STRONG&gt;Customer-Managed Keys (CMK)&lt;/STRONG&gt;&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;Data sovereignty over Protected Health Information (PHI) at rest&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;&lt;STRONG&gt;Autoscaling Exclusive -&amp;nbsp;&lt;/STRONG&gt;Applies strictly to Autoscaling workspaces. Key revocation acts as an instant workspace wide lock down&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="33.37393422655298%"&gt;&lt;STRONG&gt;Private Link&lt;/STRONG&gt;&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;Private Network isolation eliminating less secure public internet for live care device syncs&lt;/TD&gt;&lt;TD width="33.333333333333336%"&gt;Dedicated inbound private endpoints for both standard and performance-intensive services &lt;SPAN&gt;ensure all care vitals traffic remains within controlled network perimeters addressing &lt;STRONG&gt;compliance&lt;/STRONG&gt; requirements and reducing compliance &lt;STRONG&gt;audit&lt;/STRONG&gt; scope&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;P&gt;&lt;EM&gt;&lt;SPAN&gt;&lt;STRONG&gt;Fortify&lt;/STRONG&gt;&amp;nbsp;Healthcare Lakebases by embedding &lt;STRONG&gt;security&lt;/STRONG&gt; at the platform level. Deploy &lt;STRONG&gt;Protected Branches&lt;/STRONG&gt; for operational &lt;STRONG&gt;stability&lt;/STRONG&gt; and data &lt;STRONG&gt;integrity&lt;/STRONG&gt;, &lt;STRONG&gt;CMK&lt;/STRONG&gt; for encryption &lt;STRONG&gt;sovereignty&amp;nbsp;&lt;/STRONG&gt;and &lt;STRONG&gt;Private Link&lt;/STRONG&gt; for &lt;STRONG&gt;network isolation&lt;/STRONG&gt; elevating Lakebase from a transactional database into an audit-ready care platform. Implementing this &lt;STRONG&gt;security triad&lt;/STRONG&gt; is a foundational step toward building&amp;nbsp;AI powered Care Agents or Real Time care monitoring systems that meet HIPAA compliance requirements&lt;/SPAN&gt;&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 25 Jun 2026 18:08:57 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/fortifying-enterprise-healthcare-databricks-lakebase-with-the/m-p/160552#M67</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-25T18:08:57Z</dc:date>
    </item>
    <item>
      <title>Re: Databricks Lakebase Just Eliminated the Wall Between Applications and Analytics.</title>
      <link>https://community.databricks.com/t5/lakebase-articles/databricks-lakebase-just-eliminated-the-wall-between/m-p/160214#M66</link>
      <description>&lt;P class=""&gt;&lt;SPAN&gt;Interesting perspective. The challenge of managing separate operational and analytical systems has been a pain point for years, especially as data volumes continue to grow. Reducing dependency on complex ETL pipelines could simplify architecture and improve real-time decision-making.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;The same trend can be seen in customer communication platforms, where businesses increasingly rely on a unified &lt;A href="https://100coins.co.in/sms-gateway-api" target="_self"&gt;SMS API&lt;/A&gt; to connect applications, automate notifications, and access real-time messaging data without maintaining multiple disconnected systems. Simplifying infrastructure while improving data accessibility is a direction many technologies seem to be moving toward. It will be interesting to see how Lakebase impacts data engineering workflows in the coming years.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 23 Jun 2026 09:58:52 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/databricks-lakebase-just-eliminated-the-wall-between/m-p/160214#M66</guid>
      <dc:creator>SMS_Gateway</dc:creator>
      <dc:date>2026-06-23T09:58:52Z</dc:date>
    </item>
    <item>
      <title>Re: How to prevent users from creating Lakebase compute?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159870#M112</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/122949"&gt;@charl-p-botha&lt;/a&gt;,&lt;/P&gt;
&lt;P data-pm-slice="1 1 []"&gt;Based on the current public documentation, I believe your reading is correct. In a Lakebase-enabled workspace, CAN_CREATE is inherited by all workspace users and cannot currently be granted or revoked on a per-project basis. The Azure Databricks docs for &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/grant-permissions-programmatically" rel="noopener noreferrer nofollow" target="_blank"&gt;granting permissions programmatically&lt;/A&gt; state that the grantable permission levels for Lakebase projects are only CAN_USE and CAN_MANAGE, and that CAN_CREATE is inherited automatically from the workspace and cannot be explicitly granted or revoked.&lt;/P&gt;
&lt;P&gt;The same position is reflected in the public docs for &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/manage-project-permissions" rel="noopener noreferrer nofollow" target="_blank"&gt;managing project permissions&lt;/A&gt;, which say that the default permissions for a newly created project include CAN_CREATE for all workspace users. The public ACL reference also says that all workspace users automatically inherit CAN_CREATE and that this permission cannot be assigned or removed.&lt;/P&gt;
&lt;P&gt;I agree that this feels out of step with the rest of the platform. A workspace-level entitlement, or a privilege analogous to existing compute-creation controls, would be a much more natural fit here. At the moment, however, I have not found any documentation describing a supported way to selectively prevent some workspace users from creating Lakebase projects while still leaving Lakebase enabled for others.&lt;/P&gt;
&lt;P&gt;So my understanding is that the only clearly documented hard control is to disable the feature entirely at the workspace or account level through Databricks Support, which, of course, does not help if you want Lakebase enabled only for a controlled subset of users.&lt;/P&gt;
&lt;P class="wnfdntt _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea" data-pm-slice="1 1 []"&gt;If you want to push for this, I think this is a reasonable product feature request to raise with Databricks. You can submit it through the &lt;A href="https://www.databricks.com/feedback" rel="noopener noreferrer nofollow" target="_blank"&gt;Databricks Ideas Portal&lt;/A&gt;, or from within a workspace using &lt;A href="https://docs.databricks.com/aws/en/resources/ideas" rel="noopener noreferrer nofollow" target="_blank"&gt;Send feedback&lt;/A&gt;. I would frame it specifically as a request for a workspace-level entitlement or revocable privilege that lets admins control who can create Lakebase projects, because that would directly address the governance and cost-management gap described above.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;FONT size="2" color="#FF6600"&gt;&lt;STRONG&gt;&lt;I&gt;If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.&lt;/I&gt;&lt;/STRONG&gt;&lt;/FONT&gt;&lt;I&gt;&lt;/I&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 19 Jun 2026 09:14:29 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159870#M112</guid>
      <dc:creator>Ashwin_DSA</dc:creator>
      <dc:date>2026-06-19T09:14:29Z</dc:date>
    </item>
    <item>
      <title>Zero Code REST Integration for Modern HealthCare Vitals via Databricks Lakebase Data API</title>
      <link>https://community.databricks.com/t5/lakebase-articles/zero-code-rest-integration-for-modern-healthcare-vitals-via/m-p/159768#M65</link>
      <description>&lt;P&gt;The friction between modern operational edge applications and core analytical data systems is a massive architectural bottleneck in healthcare organizations. Building patient-facing mobile applications, synchronizing remote patient monitoring (RPM) wearables or streaming IoT care device metrics, Robust Frontends need a way to &lt;STRONG&gt;securely read and write&lt;/STRONG&gt; telemetry data back to the system of record.&lt;/P&gt;&lt;P&gt;Organizations achieved it via a heavy custom &lt;STRONG&gt;middleware&lt;/STRONG&gt; - spinning up containerized Fast API or custom microservices to handle complex ORM maps, managing connection pools and building custom validation layers. API endpoints break every time a biometric table schema evolved. Every time a new access code rule is rolled out, engineering teams are forced to re audit code across multiple application layers to maintain strict compliance &amp;amp; performance.&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Databricks Lakebase&lt;/STRONG&gt; broke the traditional wall between real time operational workloads and the analytical lake house. It also helps organizations to expose the relevant necessary data &amp;amp; its state to edge applications without the engineering debt of a custom backend via the &lt;STRONG&gt;Lakebase Data API &lt;/STRONG&gt;seamlessly.&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;FONT size="4"&gt;&lt;STRONG&gt;Eliminating Middleware via Data API&lt;/STRONG&gt;&lt;/FONT&gt;&lt;/U&gt;&lt;/P&gt;&lt;P&gt;Data API automatically generates a secure, production-ready, RESTful HTTP endpoints on top of the operational Lakebase PostgreSQL schemas. This is a highly optimized serverless engine built to be natively compatible with the popular open-source &lt;STRONG&gt;PostgREST&lt;/STRONG&gt; specification.&amp;nbsp;Organizations can &lt;STRONG&gt;toggle&lt;/STRONG&gt; a &lt;STRONG&gt;single configuration switch&lt;/STRONG&gt; inside the &lt;STRONG&gt;Lakebase&lt;/STRONG&gt; workspace instead of deploying independent container infrastructure to expose care data. Data is ready to be served via a&amp;nbsp; secure, auto-scaling &lt;STRONG&gt;REST endpoint&lt;/STRONG&gt;.&lt;/P&gt;&lt;P&gt;The API dynamically translates JSON payloads over HTTPS into highly performant PostgreSQL queries. Additionally, it auto-generates a &lt;STRONG&gt;OpenAPI&lt;/STRONG&gt; 3.0 specification if enabled, allowing front-end teams to automatically reference interactive documentation without backend developer intervention.&lt;/P&gt;&lt;P&gt;&lt;FONT size="4"&gt;&lt;U&gt;&lt;STRONG&gt;SQL &amp;amp; HTTP - Mapping Telemetry to REST&lt;/STRONG&gt;&lt;/U&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;The Data API maps standard HTTP verbs directly to underlying SQL behaviors. Client-side applications read and write healthcare vitals using clean, native URL parameters for filtering, sorting and pagination.&lt;/P&gt;&lt;TABLE&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD width="91.8125px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Method&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="240.344px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Target Path&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="110.156px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Database Action&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="378.354px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Modern Cases&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="91.8125px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;POST&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="240.344px" height="77px"&gt;&lt;P&gt;/public/patient_vitals&lt;/P&gt;&lt;/TD&gt;&lt;TD width="110.156px" height="77px"&gt;&lt;P&gt;INSERT&lt;/P&gt;&lt;/TD&gt;&lt;TD width="378.354px" height="77px"&gt;&lt;P&gt;Wearable devices pushing real-time heart rate, SpO2 and pressure payloads.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="91.8125px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;GET&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="240.344px" height="77px"&gt;&lt;P&gt;/public/patient_vitals?patient_id=eq.742&lt;/P&gt;&lt;/TD&gt;&lt;TD width="110.156px" height="77px"&gt;&lt;P&gt;SELECT&lt;/P&gt;&lt;/TD&gt;&lt;TD width="378.354px" height="77px"&gt;&lt;P&gt;A patient portal dashboard fetching historical vitals with built-in URL filtering.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="91.8125px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;PATCH&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="240.344px" height="77px"&gt;&lt;P&gt;/public/vitals_alerts?id=eq.901&lt;/P&gt;&lt;/TD&gt;&lt;TD width="110.156px" height="77px"&gt;&lt;P&gt;UPDATE&lt;/P&gt;&lt;/TD&gt;&lt;TD width="378.354px" height="77px"&gt;&lt;P&gt;A care workstation updating a specific alert status flag from "pending" to "reviewed".&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="91.8125px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;POST&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="240.344px" height="77px"&gt;&lt;P&gt;/public/rpc/flag_anomaly&lt;/P&gt;&lt;/TD&gt;&lt;TD width="110.156px" height="77px"&gt;&lt;P&gt;Stored Function&lt;/P&gt;&lt;/TD&gt;&lt;TD width="378.354px" height="77px"&gt;&lt;P&gt;Executing a database-native statistical function to evaluate immediate metric anomalies.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;P&gt;&lt;STRONG&gt;Routing Note -&lt;/STRONG&gt;&amp;nbsp;The raw base URL string provided in workspace console does not point to a specific schema context by default. Application code must explicitly append the target database schema name (such as /public/) preceding the table path to resolve correctly.&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;FONT size="4"&gt;&lt;STRONG&gt;Enterprise Grade Security at the Edge via Row-Level Security&lt;/STRONG&gt;&lt;/FONT&gt;&lt;/U&gt;&lt;/P&gt;&lt;P&gt;Exposing database engine endpoints directly to REST traffic requires careful security planning to ensure strict compliance with frameworks. Lakebase provides robust capabilities using tokens &amp;amp; native PostgreSQL&lt;STRONG&gt; Row-Level Security (RLS)&lt;/STRONG&gt;.&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Creating Security Barriers -&amp;nbsp;&lt;/STRONG&gt;&lt;/U&gt;To construct an absolute data isolation boundary where physicians can only view metrics for patients assigned to them, you can enforce declarative Postgres RLS policies that listen directly to the Databricks identity context via the current_user instead of writing complex filtering middleware in an API app tier.&lt;/P&gt;&lt;LI-CODE lang="python"&gt;-- Step 1: Force the vitals table to enforce active security policies
ALTER TABLE care_vitals ENABLE ROW LEVEL SECURITY;

-- Step 2: Establish a strict isolation boundary based on the authenticated provider

CREATE POLICY provider_isolation_barrier ON care_vitals
USING (assigned_provider_email = current_user);&lt;/LI-CODE&gt;&lt;P&gt;When &lt;EM&gt;&lt;STRONG&gt;Dr.&amp;nbsp;&lt;/STRONG&gt;&lt;STRONG&gt;Mika Hakkinen&lt;/STRONG&gt;&lt;/EM&gt; triggers a read request, the database engine intercepts the query and strips away non-matching patient rows at the storage level before any serialization occurs providing bulletproof governance.&lt;/P&gt;&lt;P&gt;&lt;FONT size="4"&gt;&lt;U&gt;&lt;STRONG&gt;Boundaries&lt;/STRONG&gt;&lt;/U&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;While the zero code Data API drastically accelerates development velocity, organizations must design around distinct operational boundaries.&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;STRONG&gt;Schema Cache Lag:&lt;/STRONG&gt;&amp;nbsp;The Data API engine aggressively caches your PostgreSQL schema dictionary to achieve sub-millisecond network routing speeds. If you run a migration to add a new biometric column (like glucose_level) via the SQL Editor, the REST endpoint will not dynamically expose it. You must manually click the &lt;STRONG&gt;"Refresh schema cache"&lt;/STRONG&gt; button in the console UI or hit the platform utility endpoint.&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Scale-to-Zero Cold Starts:&lt;/STRONG&gt; Because Lake base runs on a modern serverless compute architecture, idle database projects will scale completely to zero to optimize platform spend. If your application database has been inactive, the very first incoming HTTP request will experience a notable "cold start" latency spike while the compute infrastructure re-hydrates.&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Service Principal:&lt;/STRONG&gt; You can provision a separate Service Principal or user account for standard client app testing to ensure robust practices.&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Critical Alert Pathing:&lt;/STRONG&gt; Due to potential scale-to-zero latency spikes and standard internet HTTP overhead, the Data API should &lt;STRONG&gt;not&lt;/STRONG&gt; be used as the primary ingestion pathway for life-critical, hard real-time telemetry (like active ICU code alerts). You can use it for asynchronous telemetry tracking, applications and asynchronous analytics syncs.&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;FONT size="4"&gt;&lt;U&gt;&lt;STRONG&gt;Lake base Data API vs. Custom Backend (Fast API)&lt;/STRONG&gt;&lt;/U&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;You can follow below before deciding to use Zero Code Lake base Data API or a custom backend like Fast API&lt;/P&gt;&lt;TABLE&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD width="154.5px" height="50px"&gt;&lt;P&gt;&lt;STRONG&gt;&amp;nbsp;Metric&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="328.698px" height="50px"&gt;&lt;P&gt;&lt;STRONG&gt;Lake base Data API&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="337.469px" height="50px"&gt;&lt;P&gt;&lt;STRONG&gt;Custom API Layer (FastAPI, Express etc)&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="154.5px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Operational Maintenance&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="328.698px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Zero.&lt;/STRONG&gt; Managed by Databricks&lt;/P&gt;&lt;/TD&gt;&lt;TD width="337.469px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;High.&lt;/STRONG&gt; Requires managing container clusters/os etc&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="154.5px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Development Velocity&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="328.698px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Instant&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="337.469px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Slow.&lt;/STRONG&gt; Requires writing routing paths, controllers and schemas manually.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="154.5px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Procedural Logic Scope&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="328.698px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Database-Centric&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="337.469px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Unlimited.&lt;/STRONG&gt; Can execute arbitrary application code, loops and microservices.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="154.5px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Orchestration Capability&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="328.698px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Single Source.&lt;/STRONG&gt; Can operate within the boundaries of Lake base.&lt;/P&gt;&lt;/TD&gt;&lt;TD width="337.469px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Multi-Source.&lt;/STRONG&gt; Can ingest webhooks, hit third-party APIs and mix data sources.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="154.5px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Security Governance&lt;/STRONG&gt;&lt;/P&gt;&lt;/TD&gt;&lt;TD width="328.698px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Native.&lt;/STRONG&gt; Directly tied into Unity Catalog and OAuth identities at the engine level.&lt;/P&gt;&lt;/TD&gt;&lt;TD width="337.469px" height="77px"&gt;&lt;P&gt;&lt;STRONG&gt;Decoupled.&lt;/STRONG&gt; Requires manual JWT handling, decoding and custom policy mapping.&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;P&gt;&lt;EM&gt;You can use&amp;nbsp;&lt;STRONG&gt;Zero-Code API&lt;/STRONG&gt; if&amp;nbsp;the native Data API represents the ideal path for building management portals, handling operational CRUD lifecycles for care administration, updating session history or tracking immediate context from client-side runtime environments.&amp;nbsp;&lt;/EM&gt;&lt;EM&gt;You can use&lt;STRONG&gt; Custom API&amp;nbsp;&lt;/STRONG&gt;if&amp;nbsp;the organizational application demands multi-step distributed transactional logic, requires ingestion of external non-database webhooks (such as verifying a third-party pharmacy API or insurance eligibility endpoint before modifying records) or performs massive compute-heavy formatting conversions that shouldn't burden a database engine.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 18 Jun 2026 16:32:21 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/zero-code-rest-integration-for-modern-healthcare-vitals-via/m-p/159768#M65</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-18T16:32:21Z</dc:date>
    </item>
    <item>
      <title>How to prevent users from creating Lakebase compute?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159730#M111</link>
      <description>&lt;P&gt;Dear community,&lt;/P&gt;&lt;P&gt;According to [1] and other sources, all workspace users are assigned `CAN_CREATE` on lakebase projects, and this permission "can't be revoked".&lt;/P&gt;&lt;P&gt;The problem is that such a project comes with by default a 8 - 16 CU lakebase compute instance (Scale-to-zero is enabled, but with a 24-hour idle timeout, any connection or query immediately resumes it, and it has a non-zero minimum (always-on baseline)), which means that anyone of our workspace(s) users is able to rack up a sizeable bill by accident. (the moment you create the project, the compute starts running).&lt;/P&gt;&lt;P&gt;After an in-depth exploration of all documentation and also the latest databricks cli, I have not been able to find any way to disable this regrettable default.&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Please suggest a way whereby workspace users can be prevented from creating lakebase projects?&lt;/STRONG&gt; We DO want to use lakebase for a number of our products, but we definitely also need to be able to specify who is able to create / use and who is not. (fully disabling the feature via support ticket as suggested in this forum post [2] would not work)&lt;BR /&gt;&lt;BR /&gt;It would be far preferable to have it as an entitlement, or even connected to an existing entitlement (the aptly titled "Allow unrestricted cluster creation" could work), or first prize would be a revokable / assignable privilege. As it stands, there are no usable levers, which is &lt;EM&gt;highly&lt;/EM&gt; uncharacteristic of Databricks products.&lt;/P&gt;&lt;P&gt;Please help.&lt;/P&gt;&lt;P&gt;Kind regards,&lt;BR /&gt;Charl Botha, Stone Three&lt;BR /&gt;&lt;BR /&gt;[1]&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/grant-permissions-programmatically" target="_blank" rel="noopener"&gt;https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/grant-permissions-programmatically&lt;/A&gt;&lt;BR /&gt;[2]&amp;nbsp;&lt;A href="https://community.databricks.com/t5/lakebase-discussions/disable-lakebase-and-model-serving-foundation-models-at-account/m-p/148792" target="_blank" rel="noopener"&gt;https://community.databricks.com/t5/lakebase-discussions/disable-lakebase-and-model-serving-foundation-models-at-account/m-p/148792&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 18 Jun 2026 13:35:32 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159730#M111</guid>
      <dc:creator>charl-p-botha</dc:creator>
      <dc:date>2026-06-18T13:35:32Z</dc:date>
    </item>
    <item>
      <title>Re: HealthCare Prior Authorizations with Databricks Lakebase Vector Search</title>
      <link>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158894#M64</link>
      <description>&lt;P&gt;Great - let's connect over email - &lt;A href="mailto:venkat@langguard.ai" target="_blank"&gt;venkat@langguard.ai&lt;/A&gt;&amp;nbsp;&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;Our platform is built on Lakebase, Lakehouse and Unity AI Gateway. We deploy as an App.&amp;nbsp;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 12 Jun 2026 14:57:14 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158894#M64</guid>
      <dc:creator>smithsonian</dc:creator>
      <dc:date>2026-06-12T14:57:14Z</dc:date>
    </item>
    <item>
      <title>Re: HealthCare Prior Authorizations with Databricks Lakebase Vector Search</title>
      <link>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158893#M63</link>
      <description>&lt;P&gt;I won't be at DAIS in person this year, but I've already got my sights set on DAIS 2027. Kudos to your team on securing Booth 727 this year. Wish you the best of luck with the crowd!&lt;/P&gt;&lt;P&gt;We shall connect on the Lake base architecture toward the end of the month post DAIS.&lt;/P&gt;</description>
      <pubDate>Fri, 12 Jun 2026 14:51:15 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158893#M63</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-12T14:51:15Z</dc:date>
    </item>
    <item>
      <title>Re: HealthCare Prior Authorizations with Databricks Lakebase Vector Search</title>
      <link>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158836#M62</link>
      <description>&lt;P&gt;I love to learn more about this architecture. Are you attending DAIS next week in San Francisco?&lt;/P&gt;</description>
      <pubDate>Thu, 11 Jun 2026 22:22:34 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158836#M62</guid>
      <dc:creator>smithsonian</dc:creator>
      <dc:date>2026-06-11T22:22:34Z</dc:date>
    </item>
    <item>
      <title>HealthCare Prior Authorizations with Databricks Lakebase Vector Search</title>
      <link>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158819#M61</link>
      <description>&lt;P&gt;Healthcare organizations possess enormous volumes of care, operational and payer related data. Every care interaction generates information across care notes, diagnosis records, medication histories, imaging reports, claims systems and payer policies. Yet when it comes to one of the most critical administrative decisions in healthcare - obtaining &lt;STRONG&gt;Prior Authorization Approval&lt;/STRONG&gt; - care organizations continue to rely on manual reviews, fragmented searches and disconnected systems.&lt;/P&gt;&lt;P&gt;The gap between information availability and decision readiness creates significant inefficiencies. Care staff spend lot of time gathering supporting evidence, reviewing historical cases and validating payer requirements. &lt;STRONG&gt;Approval delays&lt;/STRONG&gt; can postpone treatments, &lt;STRONG&gt;increase operational costs&lt;/STRONG&gt; and negatively &lt;STRONG&gt;impact care experience&lt;/STRONG&gt;. The key challenge is transforming available information into actionable intelligence at the moment a prior authorization request is submitted.&lt;/P&gt;&lt;P&gt;Every authorization request requires a combination of care context, care justification, payer policy alignment and historical evidence. Organizations must continuously determine whether sufficient evidence exists to support approval and what additional information may strengthen the submission. To achieve this, multiple signals must be evaluated simultaneously including care history, diagnosis patterns, physician observations, payer specific standards and outcomes from previously approved or denied requests.&lt;/P&gt;&lt;P&gt;These signals are consolidated into a single operational metric: the &lt;STRONG&gt;Authorization Confidence Score&lt;/STRONG&gt;. This score represents the likelihood that a request contains sufficient evidence for successful approval. However, the real power lies not in generating a score but in identifying the evidence, actions and recommendations that can increase the probability of approval before submission.&lt;/P&gt;&lt;P&gt;At the core of this architecture is &lt;STRONG&gt;Lake base&lt;/STRONG&gt;, which serves as the operational intelligence &lt;STRONG&gt;foundation&lt;/STRONG&gt; for the &lt;STRONG&gt;Prior Authorization Copilot application&lt;/STRONG&gt;. Unlike traditional architectures that separate transactional systems, vector databases and analytical platforms, Lake base provides a unified operational environment where application workflows and AI retrieval operate together. Lake base is a fully managed operational database integrated into the Databricks Data Platform designed to support transactional workloads alongside AI-powered applications in the Lakehouse.&lt;/P&gt;&lt;P&gt;The &lt;STRONG&gt;Prior Authorization Copilot Databricks App&lt;/STRONG&gt; stores its &lt;STRONG&gt;operational&lt;/STRONG&gt; state directly within &lt;STRONG&gt;Lakebase&lt;/STRONG&gt;. Transactional tables manage authorization requests, reviewer assignments, approval workflows, task status, audit history, feedback records and agent execution history. These OLTP tables continuously reflect the live operational state of every authorization request and become the system of record for the application.&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="balajij8_0-1781193673673.png" style="width: 999px;"&gt;&lt;img src="https://community.databricks.com/t5/image/serverpage/image-id/27728i574DD162E5F0E848/image-size/large?v=v2&amp;amp;px=999" role="button" title="balajij8_0-1781193673673.png" alt="balajij8_0-1781193673673.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;Alongside operational tables, Lake base stores &lt;STRONG&gt;vector embeddings&lt;/STRONG&gt; generated from care notes, discharge summaries, payer policies, medical guidelines, imaging reports and historical authorization outcomes. When a new authorization request is submitted, the agent performs &lt;STRONG&gt;semantic retrieval&lt;/STRONG&gt; against these vectors to identify similar historical cases, relevant policies and supporting care evidence. Filtering is then applied using diagnosis codes, treatment categories, insurance providers and authorization status to ensure highly relevant results.&lt;/P&gt;&lt;P&gt;This effectively transforms Lake base into a &lt;STRONG&gt;Prior Authorization Intelligence Layer&lt;/STRONG&gt;. The platform provides operational memory and semantic understanding required for AI-driven decision support. Instead of searching multiple systems, reviewers receive evidence-backed recommendations, similar approved cases and suggested documentation required to strengthen the submission.&lt;/P&gt;&lt;P&gt;Once operational intelligence is established in Lake base, the next step is making it actionable through Databricks Apps and AI-powered experiences. &lt;STRONG&gt;Review teams&lt;/STRONG&gt; can immediately identify requests with the &lt;STRONG&gt;highest approval probability&lt;/STRONG&gt;, understand which evidence is missing and determine what actions are required to &lt;STRONG&gt;improve&lt;/STRONG&gt; outcomes. Agents can answer questions such as which historical approvals are most similar, what payer policies apply and what documentation should be included before submission.&lt;/P&gt;&lt;P&gt;While &lt;STRONG&gt;Lakebase&lt;/STRONG&gt; powers &lt;STRONG&gt;operational intelligence, Memory&lt;/STRONG&gt; and &lt;STRONG&gt;vector search&lt;/STRONG&gt;, the &lt;STRONG&gt;Lakehouse&lt;/STRONG&gt; provides the broader &lt;STRONG&gt;analytical&lt;/STRONG&gt; and AI foundation. Historical authorization trends, approval rates, denial patterns and payer behavior can be analyzed at scale. &lt;STRONG&gt;Machine learning models&lt;/STRONG&gt; can predict approval likelihood, identify emerging denial patterns and generate recommendations that are written back into Lakebase to influence future authorization decisions. Outcomes generated within operational workflows continuously flow back into the Lakehouse for learning and optimization.&lt;/P&gt;&lt;P&gt;This represents a broader shift in healthcare operations. Organizations move from manual evidence gathering to AI-assisted decision intelligence, from fragmented searches to unified operational context and from reactive authorization processing to proactive approval optimization. By combining Lakebase Vector Search for operational intelligence with the Databricks Lakehouse for analytics and AI, healthcare organizations can significantly reduce authorization cycle times, improve approval rates and accelerate access to care.&lt;/P&gt;&lt;P&gt;&lt;EM&gt;The future of healthcare operations lies in systems that do not simply store data but actively guide decisions. By combining transactional workflows, vector search, operational memory and AI driven recommendations within Lakebase, Care Organizations can build &lt;STRONG&gt;Prior Authorization Intelligence platforms&lt;/STRONG&gt; where every authorization request becomes faster, smarter and continuously optimized.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 11 Jun 2026 16:18:26 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/healthcare-prior-authorizations-with-databricks-lakebase-vector/m-p/158819#M61</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-11T16:18:26Z</dc:date>
    </item>
    <item>
      <title>Why We Moved Our Operational Database Into Databricks — And Stopped Managing Two Stacks</title>
      <link>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/158749#M60</link>
      <description>&lt;P class=""&gt;&lt;STRONG&gt;Lakebase just went GA. Here's what a production migration actually looks like.&lt;/STRONG&gt;&lt;/P&gt;&lt;HR /&gt;&lt;P class=""&gt;For most of the last decade, our data infrastructure lived in two separate worlds.&lt;/P&gt;&lt;P class=""&gt;On one side: a transactional database handling operational workloads — the writes, the lookups, the real-time application queries. On the other: the lakehouse handling analytics, ML features, historical reporting, everything batch.&lt;/P&gt;&lt;P class=""&gt;These two worlds never fully talked to each other. Data moved between them through pipelines. Pipelines broke. Governance existed in one place but not the other. When an ML model needed features derived from operational data, you'd build a sync job, pray it stayed in sync, and explain to stakeholders why the numbers in the app and the numbers in the dashboard were subtly different.&lt;/P&gt;&lt;P class=""&gt;This is the architecture most data teams are still running. It's familiar enough that most people have stopped questioning it.&lt;/P&gt;&lt;P class=""&gt;When Databricks released Lakebase into general availability this year, I decided it was worth questioning.&lt;/P&gt;&lt;HR /&gt;&lt;H3 id="toc-hId-1424301163"&gt;What the problem actually was&lt;/H3&gt;&lt;P class=""&gt;The split-stack problem sounds abstract until you live through a specific version of it.&lt;/P&gt;&lt;P class=""&gt;Our operational system handled real-time booking and status updates. Our analytics lakehouse handled everything downstream — revenue reporting, demand forecasting, customer behavior analysis. Getting data from one to the other meant a pipeline with a lag. That lag was acceptable for reporting. It was not acceptable when the ML model feeding real-time pricing decisions was working off features that were hours behind the current state of the world.&lt;/P&gt;&lt;P class=""&gt;The standard fix is to build faster pipelines. We did. The pipelines helped but didn't solve the root issue: two systems, two governance models, two places where schema changes could silently break something downstream before anyone noticed.&lt;/P&gt;&lt;P class=""&gt;What we actually needed was one system — transactional and analytical in the same governed layer.&lt;/P&gt;&lt;HR /&gt;&lt;H3 id="toc-hId--1127855798"&gt;What Lakebase is&lt;/H3&gt;&lt;P class=""&gt;Lakebase is Databricks' serverless PostgreSQL product. The architectural premise is straightforward: run OLTP workloads — the kind of transactional writes and point lookups that live in your application database — inside the same Unity Catalog governance layer that already governs your lakehouse.&lt;/P&gt;&lt;P class=""&gt;In practice this means a real PostgreSQL-compatible database. Standard connection strings. Standard client libraries. Your application code doesn't know it's talking to Databricks. But the data inside it is governed, observable, and accessible to the same pipelines, notebooks, and ML workflows that read your Delta tables.&lt;/P&gt;&lt;P class=""&gt;The feature that changes the architecture calculus most is database branching. You can create a full copy of a production database in seconds — not minutes, not a backup restore — and use it for testing, for staging deployments, for letting a data scientist explore without touching production state. When you're done, you discard the branch. The underlying storage is shared, so the copy is nearly free until you start writing to it.&lt;/P&gt;&lt;HR /&gt;&lt;H3 id="toc-hId-614954537"&gt;What the migration looked like&lt;/H3&gt;&lt;P class=""&gt;We moved a non-critical but real operational workload first. Deliberately not our most important system — we wanted to understand failure modes without the pressure of a production incident.&lt;/P&gt;&lt;P class=""&gt;The migration itself was less dramatic than expected. Lakebase is PostgreSQL-compatible, which meant our application connection strings changed and almost nothing else did. Stored procedures, queries, ORM configurations — they came over cleanly.&lt;/P&gt;&lt;P class=""&gt;What required real work was rethinking how we had been handling environment promotion. Previously, promoting a schema change from development to staging to production involved backup-restore cycles, migration scripts, and coordination across two teams. With branching, the workflow became: create a branch from production, run the migration against the branch, validate, merge. The same pattern a software engineer uses for code, applied to database state.&lt;/P&gt;&lt;P class=""&gt;The first time we used this in a real deployment it felt slightly wrong — it was too easy. That feeling faded.&lt;/P&gt;&lt;HR /&gt;&lt;H3 id="toc-hId--1937202424"&gt;What changed for the ML team&lt;/H3&gt;&lt;P class=""&gt;This is where the real payoff showed up, and it wasn't something I had fully anticipated when we started.&lt;/P&gt;&lt;P class=""&gt;Previously, building ML features from operational data meant a pipeline, a lag, and a constant negotiation about acceptable staleness. The model knew about the world as it was some hours ago. For some use cases that was fine. For anything real-time or near-real-time, it was a constraint we worked around rather than solved.&lt;/P&gt;&lt;P class=""&gt;With the operational data in Lakebase and Lakebase inside Unity Catalog, the ML feature pipeline is a query, not a sync job. The features are derived directly from the live operational state. The lag went from hours to the latency of a SQL query.&lt;/P&gt;&lt;P class=""&gt;More importantly: the governance model is the same. Column-level permissions, data lineage, access auditing — the operational data gets the same treatment as everything else in the lakehouse. We stopped maintaining two permission models and stopped explaining to compliance why certain data was governed in one system but not the other.&lt;/P&gt;&lt;HR /&gt;&lt;H3 id="toc-hId--194392089"&gt;What doesn't work yet&lt;/H3&gt;&lt;P class=""&gt;Lakebase is GA but it's early GA. A few things worth knowing before you start planning a migration:&lt;/P&gt;&lt;P class=""&gt;Complex analytical queries with large aggregations don't belong in Lakebase. It's OLTP-optimized. For heavy analytics you still read from Delta tables in your lakehouse. The architecture isn't Lakebase replacing everything — it's Lakebase handling the operational write path while Delta handles the analytical read path, with Unity Catalog connecting both.&lt;/P&gt;&lt;P class=""&gt;Region availability is still rolling out. Check your specific cloud and region before planning anything time-sensitive.&lt;/P&gt;&lt;P class=""&gt;The branching feature is powerful but requires you to rethink how you test database migrations. Teams with deeply embedded backup-restore workflows will need to update their runbooks. Not hard, but it requires intentional change.&lt;/P&gt;&lt;HR /&gt;&lt;H3 id="toc-hId-1548418246"&gt;The honest verdict&lt;/H3&gt;&lt;P class=""&gt;We didn't eliminate the complexity of running operational and analytical workloads together. We moved that complexity into the platform instead of carrying it ourselves.&lt;/P&gt;&lt;P class=""&gt;The pipelines that used to sync data between two stacks are gone. The permission model that existed in two places exists in one. The ML features that used to be hours stale are current. The deployment workflow that used to involve backup-restore cycles uses branching.&lt;/P&gt;&lt;P class=""&gt;None of these are revolutionary in isolation. Together, they add up to a meaningful reduction in the operational overhead of running a data platform that serves both applications and analytics.&lt;/P&gt;&lt;P class=""&gt;The two-stack world made sense for a long time because there was no good alternative. There's an alternative now.&lt;/P&gt;&lt;HR /&gt;&lt;P class=""&gt;&lt;EM&gt;Naveen Ayalla is a Senior Data Engineer with experience building petabyte-scale data platforms and real-time ML pipelines across aviation and enterprise technology.&lt;/EM&gt;&lt;/P&gt;&lt;P class=""&gt;&lt;EM&gt;Note: Reposting the Article in right community&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 10 Jun 2026 23:48:25 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/158749#M60</guid>
      <dc:creator>naveenayalla</dc:creator>
      <dc:date>2026-06-10T23:48:25Z</dc:date>
    </item>
    <item>
      <title>Re: Why We Moved Our Operational Database Into Databricks — And Stopped Managing Two Stacks</title>
      <link>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/158738#M71</link>
      <description>&lt;P&gt;Great write up and felt useful. Thanks for sharing the real experience.!&lt;/P&gt;</description>
      <pubDate>Wed, 10 Jun 2026 16:50:40 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/158738#M71</guid>
      <dc:creator>Mailendiran</dc:creator>
      <dc:date>2026-06-10T16:50:40Z</dc:date>
    </item>
    <item>
      <title>Why We Moved Our Operational Database Into Databricks — And Stopped Managing Two Stacks</title>
      <link>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/158709#M70</link>
      <description>&lt;P class=""&gt;&lt;STRONG&gt;Lakebase just went GA. Here's what a production migration actually looks like.&lt;/STRONG&gt;&lt;/P&gt;&lt;HR /&gt;&lt;P class=""&gt;For most of the last decade, our data infrastructure lived in two separate worlds.&lt;/P&gt;&lt;P class=""&gt;On one side: a transactional database handling operational workloads — the writes, the lookups, the real-time application queries. On the other: the lakehouse handling analytics, ML features, historical reporting, everything batch.&lt;/P&gt;&lt;P class=""&gt;These two worlds never fully talked to each other. Data moved between them through pipelines. Pipelines broke. Governance existed in one place but not the other. When an ML model needed features derived from operational data, you'd build a sync job, pray it stayed in sync, and explain to stakeholders why the numbers in the app and the numbers in the dashboard were subtly different.&lt;/P&gt;&lt;P class=""&gt;This is the architecture most data teams are still running. It's familiar enough that most people have stopped questioning it.&lt;/P&gt;&lt;P class=""&gt;When Databricks released Lakebase into general availability this year, I decided it was worth questioning.&lt;/P&gt;&lt;HR /&gt;&lt;H3&gt;What the problem actually was&lt;/H3&gt;&lt;P class=""&gt;The split-stack problem sounds abstract until you live through a specific version of it.&lt;/P&gt;&lt;P class=""&gt;Our operational system handled real-time booking and status updates. Our analytics lakehouse handled everything downstream — revenue reporting, demand forecasting, customer behavior analysis. Getting data from one to the other meant a pipeline with a lag. That lag was acceptable for reporting. It was not acceptable when the ML model feeding real-time pricing decisions was working off features that were hours behind the current state of the world.&lt;/P&gt;&lt;P class=""&gt;The standard fix is to build faster pipelines. We did. The pipelines helped but didn't solve the root issue: two systems, two governance models, two places where schema changes could silently break something downstream before anyone noticed.&lt;/P&gt;&lt;P class=""&gt;What we actually needed was one system — transactional and analytical in the same governed layer.&lt;/P&gt;&lt;HR /&gt;&lt;H3&gt;What Lakebase is&lt;/H3&gt;&lt;P class=""&gt;Lakebase is Databricks' serverless PostgreSQL product. The architectural premise is straightforward: run OLTP workloads — the kind of transactional writes and point lookups that live in your application database — inside the same Unity Catalog governance layer that already governs your lakehouse.&lt;/P&gt;&lt;P class=""&gt;In practice this means a real PostgreSQL-compatible database. Standard connection strings. Standard client libraries. Your application code doesn't know it's talking to Databricks. But the data inside it is governed, observable, and accessible to the same pipelines, notebooks, and ML workflows that read your Delta tables.&lt;/P&gt;&lt;P class=""&gt;The feature that changes the architecture calculus most is database branching. You can create a full copy of a production database in seconds — not minutes, not a backup restore — and use it for testing, for staging deployments, for letting a data scientist explore without touching production state. When you're done, you discard the branch. The underlying storage is shared, so the copy is nearly free until you start writing to it.&lt;/P&gt;&lt;HR /&gt;&lt;H3&gt;What the migration looked like&lt;/H3&gt;&lt;P class=""&gt;We moved a non-critical but real operational workload first. Deliberately not our most important system — we wanted to understand failure modes without the pressure of a production incident.&lt;/P&gt;&lt;P class=""&gt;The migration itself was less dramatic than expected. Lakebase is PostgreSQL-compatible, which meant our application connection strings changed and almost nothing else did. Stored procedures, queries, ORM configurations — they came over cleanly.&lt;/P&gt;&lt;P class=""&gt;What required real work was rethinking how we had been handling environment promotion. Previously, promoting a schema change from development to staging to production involved backup-restore cycles, migration scripts, and coordination across two teams. With branching, the workflow became: create a branch from production, run the migration against the branch, validate, merge. The same pattern a software engineer uses for code, applied to database state.&lt;/P&gt;&lt;P class=""&gt;The first time we used this in a real deployment it felt slightly wrong — it was too easy. That feeling faded.&lt;/P&gt;&lt;HR /&gt;&lt;H3&gt;What changed for the ML team&lt;/H3&gt;&lt;P class=""&gt;This is where the real payoff showed up, and it wasn't something I had fully anticipated when we started.&lt;/P&gt;&lt;P class=""&gt;Previously, building ML features from operational data meant a pipeline, a lag, and a constant negotiation about acceptable staleness. The model knew about the world as it was some hours ago. For some use cases that was fine. For anything real-time or near-real-time, it was a constraint we worked around rather than solved.&lt;/P&gt;&lt;P class=""&gt;With the operational data in Lakebase and Lakebase inside Unity Catalog, the ML feature pipeline is a query, not a sync job. The features are derived directly from the live operational state. The lag went from hours to the latency of a SQL query.&lt;/P&gt;&lt;P class=""&gt;More importantly: the governance model is the same. Column-level permissions, data lineage, access auditing — the operational data gets the same treatment as everything else in the lakehouse. We stopped maintaining two permission models and stopped explaining to compliance why certain data was governed in one system but not the other.&lt;/P&gt;&lt;HR /&gt;&lt;H3&gt;What doesn't work yet&lt;/H3&gt;&lt;P class=""&gt;Lakebase is GA but it's early GA. A few things worth knowing before you start planning a migration:&lt;/P&gt;&lt;P class=""&gt;Complex analytical queries with large aggregations don't belong in Lakebase. It's OLTP-optimized. For heavy analytics you still read from Delta tables in your lakehouse. The architecture isn't Lakebase replacing everything — it's Lakebase handling the operational write path while Delta handles the analytical read path, with Unity Catalog connecting both.&lt;/P&gt;&lt;P class=""&gt;Region availability is still rolling out. Check your specific cloud and region before planning anything time-sensitive.&lt;/P&gt;&lt;P class=""&gt;The branching feature is powerful but requires you to rethink how you test database migrations. Teams with deeply embedded backup-restore workflows will need to update their runbooks. Not hard, but it requires intentional change.&lt;/P&gt;&lt;HR /&gt;&lt;H3&gt;The honest verdict&lt;/H3&gt;&lt;P class=""&gt;We didn't eliminate the complexity of running operational and analytical workloads together. We moved that complexity into the platform instead of carrying it ourselves.&lt;/P&gt;&lt;P class=""&gt;The pipelines that used to sync data between two stacks are gone. The permission model that existed in two places exists in one. The ML features that used to be hours stale are current. The deployment workflow that used to involve backup-restore cycles uses branching.&lt;/P&gt;&lt;P class=""&gt;None of these are revolutionary in isolation. Together, they add up to a meaningful reduction in the operational overhead of running a data platform that serves both applications and analytics.&lt;/P&gt;&lt;P class=""&gt;The two-stack world made sense for a long time because there was no good alternative. There's an alternative now.&lt;/P&gt;&lt;HR /&gt;&lt;P class=""&gt;&lt;EM&gt;Naveen Ayalla is a Senior Data Engineer with experience building petabyte-scale data platforms and real-time ML pipelines across aviation and enterprise technology.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 10 Jun 2026 08:38:57 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-articles/why-we-moved-our-operational-database-into-databricks-and/m-p/158709#M70</guid>
      <dc:creator>naveenayalla</dc:creator>
      <dc:date>2026-06-10T08:38:57Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158292#M110</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/175297"&gt;@venkat-raghavan&lt;/a&gt;,&lt;/P&gt;
&lt;P&gt;Thanks. Good point, and I agree the distinction should be clearer. What I was trying to separate are two related but different ideas...&amp;nbsp;&lt;SPAN&gt;Runtime tool-level control and&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;End-to-end workflow control for destructive changes&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;The public documentation on &lt;A href="https://www.databricks.com/blog/stop-rogue-ai-how-unity-catalog-secures-your-agent-actions" rel="noopener noreferrer nofollow" target="_blank"&gt;service policies&lt;/A&gt; absolutely does imply...and explicitly says... that service policies are there to narrow the action surface at runtime. The blog says the core problem in recent incidents was that agents had delegated authority but lacked restrictions on which tools they could invoke, and there was no trace of what they did. The linked incidents are consistent with that framing. One describes an agent deleting a production volume after finding a token with delete capability, another describes an agent choosing Terraform destroy as the "cleaner and simpler" option during cleanup, and the incident database entry describes an agent reportedly executing unauthorised destructive commands against production data despite repeated instructions not to make changes.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;And the Databricks blog is quite direct about the fix. Once MCPs are registered, you get control over what agents are allowed to do. Service policies evaluate every tool call. Admins can allow, deny, or require consent. And, policies can restrict specific tools like delete_database or conditionally allow them only for certain actors.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;So I agree with your reading...&amp;nbsp;service policies are not just observability. They are a runtime enforcement mechanism whose primary value is to constrain the tool/action surface.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;Where I was drawing a distinction is that this is still slightly narrower than a full workflow pattern like plan → validate/preview → approve → execute. Service policies operate at the individual tool call boundary. Before a tool executes, the policy can block it, allow it, or require consent. That is powerful and important. But it is not automatically the same thing as a multi-step sandboxed change-management workflow with staging, preview state, and commit/abort semantics.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;FONT size="2" color="#FF6600"&gt;&lt;STRONG&gt;&lt;I&gt;If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.&lt;/I&gt;&lt;/STRONG&gt;&lt;/FONT&gt;&lt;I&gt;&lt;/I&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 04 Jun 2026 09:50:24 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158292#M110</guid>
      <dc:creator>Ashwin_DSA</dc:creator>
      <dc:date>2026-06-04T09:50:24Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158265#M109</link>
      <description>&lt;P&gt;Hi Ashwin&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;I do want to contrast you stated really well from what is stated or implied in the Service Control policies documentation you shared.&lt;BR /&gt;&lt;BR /&gt;You said things&lt;BR /&gt;&lt;BR /&gt;1)&amp;nbsp;&lt;SPAN&gt;For write or move actions, I would strongly recommend a controlled execution pattern... plan → validate/preview → approve → execute. That gives you a checkpoint before any destructive or irreversible action and is much safer than allowing an agent to directly execute whatever it decides at runtime."&amp;nbsp;&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;2)&amp;nbsp;&lt;SPAN&gt;Another important design decision is to make the action surface narrower and suitable for policy implementation. For example, instead of giving an agent broad SQL write access, expose a small set of approved operations via UC functions or MCP tools, and then apply runtime policies to those tool calls (via service policies)&lt;BR /&gt;&lt;BR /&gt;&lt;/SPAN&gt;But the documentation is misleading. The documentation starts with&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;" Agents connected to external tools are taking destructive, irreversible actions in production:&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://www.fastcompany.com/91533544/cursor-claude-ai-agent-deleted-software-company-pocket-os-database-jer-crane" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;wiping entire databases in seconds&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;,&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://medium.com/data-and-beyond/the-ai-agent-deleted-1-9-million-rows-of-production-data-it-thought-it-was-helping-933380134017" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;deleting millions of rows of critical data&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;, and&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://incidentdatabase.ai/cite/1152/" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;dropping production databases mid-task&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;. In each incident, the agent was acting within the scope of their delegated authority. What it lacked was any restriction on which tools it could invoke, and any record of the actions it took.&amp;nbsp; "&lt;BR /&gt;&lt;BR /&gt;This implies that Service policies actually do "controlled execution" wherein it's primary function is to "limit the action surface".&amp;nbsp; The documentation should make this clear.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 04 Jun 2026 02:21:59 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158265#M109</guid>
      <dc:creator>venkat-raghavan</dc:creator>
      <dc:date>2026-06-04T02:21:59Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158264#M108</link>
      <description>&lt;P&gt;This is perfect. Thanks.&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;I also like your answer on runtime execution - "&lt;SPAN&gt;For write or move actions, I would strongly recommend a controlled execution pattern... plan → validate/preview → approve → execute. That gives you a checkpoint before any destructive or irreversible action and is much safer than allowing an agent to directly execute whatever it decides at runtime."&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 04 Jun 2026 02:07:32 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158264#M108</guid>
      <dc:creator>venkat-raghavan</dc:creator>
      <dc:date>2026-06-04T02:07:32Z</dc:date>
    </item>
  </channel>
</rss>

