<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>All Lakebase Discussions posts</title>
    <link>https://community.databricks.com/t5/lakebase-discussions/bd-p/LakebaseDiscussions</link>
    <description>All Lakebase Discussions posts</description>
    <pubDate>Wed, 01 Jul 2026 02:20:18 GMT</pubDate>
    <dc:creator>LakebaseDiscussions</dc:creator>
    <dc:date>2026-07-01T02:20:18Z</dc:date>
    <item>
      <title>Re: How to prevent users from creating Lakebase compute?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/160678#M114</link>
      <description>&lt;P&gt;Thank you very much for also looking into this.&lt;/P&gt;&lt;P&gt;I've submitted this as feedback via the new Lakebase Postgres web-ui. It doesn't look like I can link to that submitted feedback here. Let's hope for the best.&lt;/P&gt;</description>
      <pubDate>Fri, 26 Jun 2026 14:02:43 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/160678#M114</guid>
      <dc:creator>charl-p-botha</dc:creator>
      <dc:date>2026-06-26T14:02:43Z</dc:date>
    </item>
    <item>
      <title>Re: How to prevent users from creating Lakebase compute?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159870#M112</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/122949"&gt;@charl-p-botha&lt;/a&gt;,&lt;/P&gt;
&lt;P data-pm-slice="1 1 []"&gt;Based on the current public documentation, I believe your reading is correct. In a Lakebase-enabled workspace, CAN_CREATE is inherited by all workspace users and cannot currently be granted or revoked on a per-project basis. The Azure Databricks docs for &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/grant-permissions-programmatically" rel="noopener noreferrer nofollow" target="_blank"&gt;granting permissions programmatically&lt;/A&gt; state that the grantable permission levels for Lakebase projects are only CAN_USE and CAN_MANAGE, and that CAN_CREATE is inherited automatically from the workspace and cannot be explicitly granted or revoked.&lt;/P&gt;
&lt;P&gt;The same position is reflected in the public docs for &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/manage-project-permissions" rel="noopener noreferrer nofollow" target="_blank"&gt;managing project permissions&lt;/A&gt;, which say that the default permissions for a newly created project include CAN_CREATE for all workspace users. The public ACL reference also says that all workspace users automatically inherit CAN_CREATE and that this permission cannot be assigned or removed.&lt;/P&gt;
&lt;P&gt;I agree that this feels out of step with the rest of the platform. A workspace-level entitlement, or a privilege analogous to existing compute-creation controls, would be a much more natural fit here. At the moment, however, I have not found any documentation describing a supported way to selectively prevent some workspace users from creating Lakebase projects while still leaving Lakebase enabled for others.&lt;/P&gt;
&lt;P&gt;So my understanding is that the only clearly documented hard control is to disable the feature entirely at the workspace or account level through Databricks Support, which, of course, does not help if you want Lakebase enabled only for a controlled subset of users.&lt;/P&gt;
&lt;P class="wnfdntt _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea" data-pm-slice="1 1 []"&gt;If you want to push for this, I think this is a reasonable product feature request to raise with Databricks. You can submit it through the &lt;A href="https://www.databricks.com/feedback" rel="noopener noreferrer nofollow" target="_blank"&gt;Databricks Ideas Portal&lt;/A&gt;, or from within a workspace using &lt;A href="https://docs.databricks.com/aws/en/resources/ideas" rel="noopener noreferrer nofollow" target="_blank"&gt;Send feedback&lt;/A&gt;. I would frame it specifically as a request for a workspace-level entitlement or revocable privilege that lets admins control who can create Lakebase projects, because that would directly address the governance and cost-management gap described above.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;FONT size="2" color="#FF6600"&gt;&lt;STRONG&gt;&lt;I&gt;If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.&lt;/I&gt;&lt;/STRONG&gt;&lt;/FONT&gt;&lt;I&gt;&lt;/I&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 19 Jun 2026 09:14:29 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159870#M112</guid>
      <dc:creator>Ashwin_DSA</dc:creator>
      <dc:date>2026-06-19T09:14:29Z</dc:date>
    </item>
    <item>
      <title>How to prevent users from creating Lakebase compute?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159730#M111</link>
      <description>&lt;P&gt;Dear community,&lt;/P&gt;&lt;P&gt;According to [1] and other sources, all workspace users are assigned `CAN_CREATE` on lakebase projects, and this permission "can't be revoked".&lt;/P&gt;&lt;P&gt;The problem is that such a project comes with by default a 8 - 16 CU lakebase compute instance (Scale-to-zero is enabled, but with a 24-hour idle timeout, any connection or query immediately resumes it, and it has a non-zero minimum (always-on baseline)), which means that anyone of our workspace(s) users is able to rack up a sizeable bill by accident. (the moment you create the project, the compute starts running).&lt;/P&gt;&lt;P&gt;After an in-depth exploration of all documentation and also the latest databricks cli, I have not been able to find any way to disable this regrettable default.&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Please suggest a way whereby workspace users can be prevented from creating lakebase projects?&lt;/STRONG&gt; We DO want to use lakebase for a number of our products, but we definitely also need to be able to specify who is able to create / use and who is not. (fully disabling the feature via support ticket as suggested in this forum post [2] would not work)&lt;BR /&gt;&lt;BR /&gt;It would be far preferable to have it as an entitlement, or even connected to an existing entitlement (the aptly titled "Allow unrestricted cluster creation" could work), or first prize would be a revokable / assignable privilege. As it stands, there are no usable levers, which is &lt;EM&gt;highly&lt;/EM&gt; uncharacteristic of Databricks products.&lt;/P&gt;&lt;P&gt;Please help.&lt;/P&gt;&lt;P&gt;Kind regards,&lt;BR /&gt;Charl Botha, Stone Three&lt;BR /&gt;&lt;BR /&gt;[1]&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/grant-permissions-programmatically" target="_blank" rel="noopener"&gt;https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/grant-permissions-programmatically&lt;/A&gt;&lt;BR /&gt;[2]&amp;nbsp;&lt;A href="https://community.databricks.com/t5/lakebase-discussions/disable-lakebase-and-model-serving-foundation-models-at-account/m-p/148792" target="_blank" rel="noopener"&gt;https://community.databricks.com/t5/lakebase-discussions/disable-lakebase-and-model-serving-foundation-models-at-account/m-p/148792&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 18 Jun 2026 13:35:32 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-prevent-users-from-creating-lakebase-compute/m-p/159730#M111</guid>
      <dc:creator>charl-p-botha</dc:creator>
      <dc:date>2026-06-18T13:35:32Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158292#M110</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/175297"&gt;@venkat-raghavan&lt;/a&gt;,&lt;/P&gt;
&lt;P&gt;Thanks. Good point, and I agree the distinction should be clearer. What I was trying to separate are two related but different ideas...&amp;nbsp;&lt;SPAN&gt;Runtime tool-level control and&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;End-to-end workflow control for destructive changes&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;The public documentation on &lt;A href="https://www.databricks.com/blog/stop-rogue-ai-how-unity-catalog-secures-your-agent-actions" rel="noopener noreferrer nofollow" target="_blank"&gt;service policies&lt;/A&gt; absolutely does imply...and explicitly says... that service policies are there to narrow the action surface at runtime. The blog says the core problem in recent incidents was that agents had delegated authority but lacked restrictions on which tools they could invoke, and there was no trace of what they did. The linked incidents are consistent with that framing. One describes an agent deleting a production volume after finding a token with delete capability, another describes an agent choosing Terraform destroy as the "cleaner and simpler" option during cleanup, and the incident database entry describes an agent reportedly executing unauthorised destructive commands against production data despite repeated instructions not to make changes.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;And the Databricks blog is quite direct about the fix. Once MCPs are registered, you get control over what agents are allowed to do. Service policies evaluate every tool call. Admins can allow, deny, or require consent. And, policies can restrict specific tools like delete_database or conditionally allow them only for certain actors.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;So I agree with your reading...&amp;nbsp;service policies are not just observability. They are a runtime enforcement mechanism whose primary value is to constrain the tool/action surface.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;Where I was drawing a distinction is that this is still slightly narrower than a full workflow pattern like plan → validate/preview → approve → execute. Service policies operate at the individual tool call boundary. Before a tool executes, the policy can block it, allow it, or require consent. That is powerful and important. But it is not automatically the same thing as a multi-step sandboxed change-management workflow with staging, preview state, and commit/abort semantics.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;FONT size="2" color="#FF6600"&gt;&lt;STRONG&gt;&lt;I&gt;If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.&lt;/I&gt;&lt;/STRONG&gt;&lt;/FONT&gt;&lt;I&gt;&lt;/I&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 04 Jun 2026 09:50:24 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158292#M110</guid>
      <dc:creator>Ashwin_DSA</dc:creator>
      <dc:date>2026-06-04T09:50:24Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158265#M109</link>
      <description>&lt;P&gt;Hi Ashwin&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;I do want to contrast you stated really well from what is stated or implied in the Service Control policies documentation you shared.&lt;BR /&gt;&lt;BR /&gt;You said things&lt;BR /&gt;&lt;BR /&gt;1)&amp;nbsp;&lt;SPAN&gt;For write or move actions, I would strongly recommend a controlled execution pattern... plan → validate/preview → approve → execute. That gives you a checkpoint before any destructive or irreversible action and is much safer than allowing an agent to directly execute whatever it decides at runtime."&amp;nbsp;&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;2)&amp;nbsp;&lt;SPAN&gt;Another important design decision is to make the action surface narrower and suitable for policy implementation. For example, instead of giving an agent broad SQL write access, expose a small set of approved operations via UC functions or MCP tools, and then apply runtime policies to those tool calls (via service policies)&lt;BR /&gt;&lt;BR /&gt;&lt;/SPAN&gt;But the documentation is misleading. The documentation starts with&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;" Agents connected to external tools are taking destructive, irreversible actions in production:&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://www.fastcompany.com/91533544/cursor-claude-ai-agent-deleted-software-company-pocket-os-database-jer-crane" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;wiping entire databases in seconds&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;,&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://medium.com/data-and-beyond/the-ai-agent-deleted-1-9-million-rows-of-production-data-it-thought-it-was-helping-933380134017" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;deleting millions of rows of critical data&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;, and&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://incidentdatabase.ai/cite/1152/" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;dropping production databases mid-task&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;. In each incident, the agent was acting within the scope of their delegated authority. What it lacked was any restriction on which tools it could invoke, and any record of the actions it took.&amp;nbsp; "&lt;BR /&gt;&lt;BR /&gt;This implies that Service policies actually do "controlled execution" wherein it's primary function is to "limit the action surface".&amp;nbsp; The documentation should make this clear.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 04 Jun 2026 02:21:59 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158265#M109</guid>
      <dc:creator>venkat-raghavan</dc:creator>
      <dc:date>2026-06-04T02:21:59Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158264#M108</link>
      <description>&lt;P&gt;This is perfect. Thanks.&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;I also like your answer on runtime execution - "&lt;SPAN&gt;For write or move actions, I would strongly recommend a controlled execution pattern... plan → validate/preview → approve → execute. That gives you a checkpoint before any destructive or irreversible action and is much safer than allowing an agent to directly execute whatever it decides at runtime."&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 04 Jun 2026 02:07:32 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/158264#M108</guid>
      <dc:creator>venkat-raghavan</dc:creator>
      <dc:date>2026-06-04T02:07:32Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase Data API private access with Public Network Access disabled</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-data-api-private-access-with-public-network-access/m-p/158092#M107</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/228048"&gt;@POCUSER&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;
&lt;P&gt;Yes, the Lakebase Data API can be used privately with Public Network Access disabled. Because the Data API is a REST endpoint (&lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/data-api" data-saferedirecturl="https://www.google.com/url?q=https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/data-api&amp;amp;source=gmail&amp;amp;ust=1780444042910000&amp;amp;usg=AOvVaw2ITIfs90A4chvSrnL1S5_R" target="_blank"&gt;Lakebase Data API&lt;/A&gt;), it goes through your workspace’s standard inbound (front-end) Private Link, the &lt;CODE&gt;databricks_ui_api&lt;/CODE&gt; endpoint on port 443, not a dedicated one.&lt;/P&gt;
&lt;P&gt;Service Direct Private Link (the port-5432 endpoint for performance-intensive services) is &lt;STRONG&gt;not&lt;/STRONG&gt; required for the Data API. The docs state it directly: “If your applications connect only through the Data API, you don’t need this endpoint.” See &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/private-link" data-saferedirecturl="https://www.google.com/url?q=https://learn.microsoft.com/en-us/azure/databricks/oltp/projects/private-link&amp;amp;source=gmail&amp;amp;ust=1780444042910000&amp;amp;usg=AOvVaw1l11jrHEhpDRrZCHy8LOnl" target="_blank"&gt;Private Link for Lakebase Autoscaling&lt;/A&gt; and &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/security/network/front-end/service-direct-privatelink" data-saferedirecturl="https://www.google.com/url?q=https://learn.microsoft.com/en-us/azure/databricks/security/network/front-end/service-direct-privatelink&amp;amp;source=gmail&amp;amp;ust=1780444042910000&amp;amp;usg=AOvVaw1644ygf3dKACpX6irEYFJQ" target="_blank"&gt;Configure inbound Private Link for performance-intensive services&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;So this is a DNS issue, not a missing Private Link. With Public Network Access disabled, your DNS must resolve the Data API hostname to the &lt;STRONG&gt;private&lt;/STRONG&gt; IP of your existing inbound private endpoint (the &lt;CODE&gt;&lt;A href="http://privatelink.azuredatabricks.net" data-saferedirecturl="https://www.google.com/url?q=http://privatelink.azuredatabricks.net&amp;amp;source=gmail&amp;amp;ust=1780444042910000&amp;amp;usg=AOvVaw1vv5KfpmJDcMUWdObpeXnZ" target="_blank"&gt;privatelink.azuredatabricks.&lt;WBR /&gt;net&lt;/A&gt;&lt;/CODE&gt; zone, &lt;CODE&gt;databricks_ui_api&lt;/CODE&gt; A record). The 403 is consistent with DNS still resolving the hostname to a public IP instead of your private endpoint. Confirm with &lt;CODE&gt;nslookup&lt;/CODE&gt; that it returns the private IP. See &lt;A href="https://learn.microsoft.com/en-us/azure/databricks/security/network/front-end/front-end-private-connect" data-saferedirecturl="https://www.google.com/url?q=https://learn.microsoft.com/en-us/azure/databricks/security/network/front-end/front-end-private-connect&amp;amp;source=gmail&amp;amp;ust=1780444042910000&amp;amp;usg=AOvVaw1K6LhCatUaz7IHe4X9z0FA" target="_blank"&gt;Configure Inbound Private Link&lt;/A&gt; for the DNS verification steps.&lt;/P&gt;</description>
      <pubDate>Mon, 01 Jun 2026 23:48:53 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-data-api-private-access-with-public-network-access/m-p/158092#M107</guid>
      <dc:creator>stbjelcevic</dc:creator>
      <dc:date>2026-06-01T23:48:53Z</dc:date>
    </item>
    <item>
      <title>Lakebase Data API private access with Public Network Access disabled</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-data-api-private-access-with-public-network-access/m-p/157858#M106</link>
      <description>&lt;P&gt;We are testing Azure Databricks Lakebase Autoscaling with Public Network Access disabled and standard inbound Private Link enabled.&lt;/P&gt;&lt;P&gt;The workspace UI works privately through VPN, but the Lakebase Data API hostname still resolves to a public IP and returns:&lt;/P&gt;&lt;P&gt;HTTP 403: Public access is not allowed for workspace&lt;/P&gt;&lt;P&gt;According to the docs, Service Direct Private Link is not required when using only the Data API.&lt;/P&gt;&lt;P&gt;Has anyone successfully used Lakebase Data API privately with Public Network Access disabled?&lt;/P&gt;&lt;P&gt;If yes, what DNS or Private Link configuration is required? Should the Data API hostname resolve through the workspace inbound Private Link, or is another private endpoint/DNS setup needed?&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;</description>
      <pubDate>Fri, 29 May 2026 07:58:24 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-data-api-private-access-with-public-network-access/m-p/157858#M106</guid>
      <dc:creator>POCUSER</dc:creator>
      <dc:date>2026-05-29T07:58:24Z</dc:date>
    </item>
    <item>
      <title>Re: Inquiry regarding Query History and Audit Logs for Databricks Lakebase</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/inquiry-regarding-query-history-and-audit-logs-for-databricks/m-p/157597#M105</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/228048"&gt;@POCUSER&lt;/a&gt;,&lt;/P&gt;
&lt;P data-pm-slice="1 1 []"&gt;I’m not aware of any public documentation that explicitly confirms that every request sent through the &lt;A href="https://docs.databricks.com/aws/en/oltp/projects/data-api" rel="noopener noreferrer nofollow" target="_blank"&gt;Lakebase Data API&lt;/A&gt; is captured in system.query.history or exposed through a dedicated per-request audit log.&lt;/P&gt;
&lt;P&gt;A practical way to validate it is to run a simple test query through the Data API and then check system.query.history. The public docs for that table currently describe coverage for SQL warehouses and serverless compute, so testing is the best way to confirm whether Lakebase Data API activity appears there in your environment.&lt;/P&gt;
&lt;P&gt;It is also worth checking system.access.audit together with the &lt;A href="https://docs.databricks.com/aws/en/admin/account-settings/audit-logs" rel="noopener noreferrer nofollow" target="_blank"&gt;audit log reference&lt;/A&gt; to see whether any Lakebase-related control-plane events are emitted there.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;If you need a definitive answer specifically for compliance, such as whether full query text, caller identity, and failed request details are logged for Lakebase Data API requests, I’d recommend opening a Databricks support case. Some of the Lakebase observability surfaces are still evolving, so support is the best route for confirmed guidance on the current supported behaviour.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;FONT size="2" color="#FF6600"&gt;&lt;STRONG&gt;&lt;I&gt;If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.&lt;/I&gt;&lt;/STRONG&gt;&lt;/FONT&gt;&lt;I&gt;&lt;/I&gt;&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 25 May 2026 11:40:21 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/inquiry-regarding-query-history-and-audit-logs-for-databricks/m-p/157597#M105</guid>
      <dc:creator>Ashwin_DSA</dc:creator>
      <dc:date>2026-05-25T11:40:21Z</dc:date>
    </item>
    <item>
      <title>Re: Inquiry regarding Query History and Audit Logs for Databricks Lakebase</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/inquiry-regarding-query-history-and-audit-logs-for-databricks/m-p/157585#M104</link>
      <description>&lt;P&gt;You can follow below&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;STRONG&gt;Query History Tracking - &lt;/STRONG&gt;You can use the pg_stat_statements entity for getting the historical SQL query execution details and other runtime metrics in the Lakebase instance. Every successful or failed query sent through the Lakebase is parameterized, normalized and logged alongside its total runtime, execution time and other tracking metrics. This entity serves as the primary ledger for tracking precisely what query texts were run. You can periodically offload these metrics if you require persistent retention beyond the life of the compute cluster as the data lives within the database's shared memory, More details &lt;A href="https://docs.databricks.com/aws/en/oltp/projects/pg-stat-statements" target="_self"&gt;here&lt;/A&gt;&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Active Query Monitoring&lt;/STRONG&gt;&amp;nbsp;- You can use pg_stat_activity to monitor live requests, active transactions and current connections hitting the Lakebase in real time for monitoring. This entity exposes the immediate state of the database showing he currently executing queries, client IP addresses, query, backend type and operational states. It helps in finding which accounts are running active, long running or blocked statements at any given second.&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Account Level Audit Logs&lt;/STRONG&gt;&amp;nbsp;- You can use system.access.audit for account level governance, infrastructure compliance and broader security perspective. All major activities related to the database - such as provisioning, configuration changes etc are recorded in the system.access.audit table. To isolate these specific events use the service name databaseInstances or postgres for getting the related details.&lt;/LI&gt;&lt;/UL&gt;</description>
      <pubDate>Mon, 25 May 2026 09:43:22 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/inquiry-regarding-query-history-and-audit-logs-for-databricks/m-p/157585#M104</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-05-25T09:43:22Z</dc:date>
    </item>
    <item>
      <title>Inquiry regarding Query History and Audit Logs for Databricks Lakebase</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/inquiry-regarding-query-history-and-audit-logs-for-databricks/m-p/157576#M103</link>
      <description>&lt;DIV class=""&gt;We are using &lt;STRONG&gt;Lakebase Data API (HTTP Endpoint)&lt;/STRONG&gt; to execute queries and need to verify the audit log capabilities for compliance. Could you please clarify:&lt;/DIV&gt;&lt;OL class=""&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;Query Text Logging:&lt;/STRONG&gt; Does Databricks capture the &lt;STRONG&gt;full SQL statement text&lt;/STRONG&gt; and the &lt;STRONG&gt;actual user identity&lt;/STRONG&gt; for every request sent via the Lakebase Data API?&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;Log Location:&lt;/STRONG&gt; Where are these Data API history logs stored (e.g., in system.query.history, Audit Logs in Storage Bucket, or via Unity Catalog)?&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;Error Logging:&lt;/STRONG&gt; Are failed queries (Query Errors) and their detailed error messages recorded in these logs as well?&lt;/SPAN&gt;&lt;/LI&gt;&lt;/OL&gt;</description>
      <pubDate>Mon, 25 May 2026 05:13:44 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/inquiry-regarding-query-history-and-audit-logs-for-databricks/m-p/157576#M103</guid>
      <dc:creator>POCUSER</dc:creator>
      <dc:date>2026-05-25T05:13:44Z</dc:date>
    </item>
    <item>
      <title>Re: Controlling Agent access to Tools and Tool access to Data Operations</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/157569#M102</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/193023"&gt;@smithsonian&lt;/a&gt;,&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea" data-pm-slice="1 1 []"&gt;The general best-practice pattern is to separate what the agent plans... from...what the platform will actually allow it to do.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;If the data already lives in Unity Catalog, a good approach is to use Unity Catalog as the system of record for data permissions and use &lt;A href="https://docs.databricks.com/aws/en/ai-gateway" rel="noopener noreferrer nofollow" target="_blank"&gt;Unity AI Gateway&lt;/A&gt; as the runtime governance layer for agents, LLM endpoints, and MCP servers.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;In practical terms, that usually means&amp;nbsp;&lt;SPAN&gt;keeping planning/reasoning agents read-only where possible and&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;exposing actions through governed tools such as &lt;/SPAN&gt;&lt;A style="font-family: inherit; background-color: #ffffff;" href="https://docs.databricks.com/aws/en/generative-ai/mcp" rel="noopener noreferrer nofollow" target="_blank"&gt;UC functions and MCP servers&lt;/A&gt;&lt;SPAN&gt;, rather than letting agents perform arbitrary direct operations. Another recommendation is to&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;run user-facing workflows with &lt;/SPAN&gt;&lt;A style="font-family: inherit; background-color: #ffffff;" href="https://docs.databricks.com/aws/en/generative-ai/agent-framework/agent-authentication-model-serving#on-behalf-of-user-authentication" rel="noopener noreferrer nofollow" target="_blank"&gt;on-behalf-of-user authentication&lt;/A&gt;&lt;SPAN&gt; so the agent cannot exceed the caller’s permissions. The key is to reserve specific service principals for background or automated jobs that truly require non-user execution.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;For write or move actions, I would strongly recommend a controlled execution pattern... plan → validate/preview → approve → execute. That gives you a checkpoint before any destructive or irreversible action and is much safer than allowing an agent to directly execute whatever it decides at runtime.&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;Another important design decision is to make the action surface narrower and suitable for policy implementation. For example, instead of giving an agent broad SQL write access, expose a small set of approved operations via UC functions or MCP tools, and then apply runtime policies to those tool calls. Databricks has publicly described this direction with &lt;A href="https://www.databricks.com/blog/stop-rogue-ai-how-unity-catalog-secures-your-agent-actions" rel="noopener noreferrer nofollow" target="_blank"&gt;service policies and payload logging for MCPs&lt;/A&gt;, which is exactly the sort of control plane you want for "this agent can read, this one can write only to dataset X, and this one can move data only under condition Y."&lt;/P&gt;
&lt;P class="wnfdntf _1ibi0s3f5 _1ibi0s3ce _1ibi0s3ea"&gt;Lastly, make sure every tool invocation is observable. A runtime governance model is only credible if you can answer... who called what tool, with which arguments, on whose behalf, and what happened. AI Gateway’s observability and logging model is designed for that kind of audit trail.. although it is still in beta.&amp;nbsp;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;FONT size="2" color="#FF6600"&gt;&lt;STRONG&gt;&lt;I&gt;If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.&lt;/I&gt;&lt;/STRONG&gt;&lt;/FONT&gt;&lt;I&gt;&lt;/I&gt;&lt;/P&gt;</description>
      <pubDate>Sun, 24 May 2026 18:00:19 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/controlling-agent-access-to-tools-and-tool-access-to-data/m-p/157569#M102</guid>
      <dc:creator>Ashwin_DSA</dc:creator>
      <dc:date>2026-05-24T18:00:19Z</dc:date>
    </item>
    <item>
      <title>Re: How to access a delta table in UC from lakebase postgres ?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-access-a-delta-table-in-uc-from-lakebase-postgres/m-p/156691#M101</link>
      <description>&lt;P&gt;Currently, direct write-back from Lakebase PostgreSQL to Unity Catalog Delta tables is not the recommended pattern.&lt;/P&gt;&lt;P&gt;A few points that may help:&lt;/P&gt;&lt;P&gt;• “Sync Tables” are mainly designed for replication/read access scenarios. Databricks currently recommends avoiding direct writes to synced tables because consistency/governance behavior may not be guaranteed.&lt;/P&gt;&lt;P&gt;• If the goal is to move Delta data into PostgreSQL inside Lakebase, the better approach is usually:&lt;BR /&gt;- ETL/ELT pipelines using Databricks Jobs&lt;BR /&gt;- Structured Streaming&lt;BR /&gt;- COPY INTO / JDBC writes&lt;BR /&gt;- CDC-based pipelines&lt;/P&gt;&lt;P&gt;In practice, Databricks → PostgreSQL via JDBC or streaming is the safer supported architecture.&lt;/P&gt;&lt;P&gt;• For bidirectional workloads, many teams treat:&lt;BR /&gt;- Delta + Unity Catalog = analytical/storage layer&lt;BR /&gt;- PostgreSQL/Lakebase = transactional serving layer&lt;/P&gt;&lt;P&gt;Regarding your second question:&lt;/P&gt;&lt;P&gt;• Yes, PostgreSQL can be exposed in Unity Catalog using Lakehouse Federation (Foreign Catalog concept). PostgreSQL is one of the supported federated sources, so you can query PostgreSQL tables from UC without fully ingesting the data.&lt;/P&gt;&lt;P&gt;But federation mainly enables governed query access — it does not make PostgreSQL tables behave like native Delta tables with all UC-managed write semantics.&lt;/P&gt;&lt;P&gt;So today:&lt;BR /&gt;- Read/query interoperability → supported&lt;BR /&gt;- Native governed write-back from Lakebase PostgreSQL into UC Delta tables → limited/not the primary recommended pattern yet.&lt;/P&gt;</description>
      <pubDate>Tue, 12 May 2026 15:09:21 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-access-a-delta-table-in-uc-from-lakebase-postgres/m-p/156691#M101</guid>
      <dc:creator>Abhishek_sinha</dc:creator>
      <dc:date>2026-05-12T15:09:21Z</dc:date>
    </item>
    <item>
      <title>Re: How to create a lakebase table ?</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/how-to-create-a-lakebase-table/m-p/155804#M100</link>
      <description>&lt;P&gt;You can use&amp;nbsp;&lt;SPAN&gt;Lake base Autoscaling with &lt;STRONG&gt;Synced Tables.&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Synced tables empower you to export high quality &amp;amp; governed data from &lt;STRONG&gt;Lakehouse&lt;/STRONG&gt; into &lt;STRONG&gt;Lake base&lt;/STRONG&gt;. Its specifically designed for downstream applications requiring extreme responsiveness (&lt;STRONG&gt;sub 10ms responses)&amp;nbsp;&lt;/STRONG&gt;along with the reliability of &lt;STRONG&gt;ACID compliant transactions&amp;nbsp;&lt;/STRONG&gt;for real time cases.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;You can sync gold tables from&amp;nbsp;patient_details&amp;nbsp;into a new synced table&amp;nbsp;patient_details_synced.&amp;nbsp;You can use sync modes based on needs&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;STRONG&gt;Snapshot&lt;/STRONG&gt; -&amp;nbsp;&lt;SPAN&gt;One time copy of all data&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Triggered -&amp;nbsp;&lt;/STRONG&gt;&lt;SPAN&gt;Scheduled updates that run on demand or at intervals&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Continuous -&amp;nbsp;&lt;/STRONG&gt;&lt;SPAN&gt;Real time streaming with latency in seconds&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;SPAN&gt;You can check the resource Modern Databricks Lake base with Medical Inventory Management Apps &lt;A href="https://community.databricks.com/t5/lakebase-articles/databricks-lake-base-modern-medical-inventory-management-with/td-p/153899" target="_self"&gt;here&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 29 Apr 2026 14:27:57 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/how-to-create-a-lakebase-table/m-p/155804#M100</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-04-29T14:27:57Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase auto start/stop</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-auto-start-stop/m-p/155784#M99</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Lake base&amp;nbsp;&lt;/STRONG&gt;supports &lt;STRONG&gt;Autoscaling&lt;/STRONG&gt; &amp;amp;&amp;nbsp;&lt;STRONG&gt;Scale to Zero&lt;/STRONG&gt; with Automatic &lt;STRONG&gt;Suspension&lt;/STRONG&gt; &amp;amp; &lt;STRONG&gt;Reactivation&lt;/STRONG&gt; capabilities&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;STRONG&gt;Automatic Suspension&lt;/STRONG&gt;&amp;nbsp;- Lake base compute automatically suspends after a period of inactivity (default is 5 minutes).&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;Reactivation&lt;/STRONG&gt;&amp;nbsp;- The compute automatically reactivates within a few hundred milliseconds when you run a new query&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;SPAN&gt;You can use &lt;STRONG&gt;Autoscaling&lt;/STRONG&gt; to adjust resources based on workload demand &amp;amp; &lt;STRONG&gt;scale to zero&lt;/STRONG&gt; to suspend compute entirely after a period of inactivity reducing compute costs to zero during idle periods.&amp;nbsp;You pay only for active compute time &amp;amp; not for idle periods&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;More details &lt;A href="https://docs.databricks.com/aws/en/oltp/projects/scale-to-zero#automatic-suspension" target="_self"&gt;here&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 29 Apr 2026 10:56:01 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-auto-start-stop/m-p/155784#M99</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-04-29T10:56:01Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase login via REST for a service principal</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155467#M98</link>
      <description>&lt;P&gt;I created a new Lakebase project to retrace all my steps.&amp;nbsp;&lt;/P&gt;&lt;P&gt;0- I reused my service principal on the workspace&lt;/P&gt;&lt;P&gt;1- installed databricks authentication extension:&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;CREATE EXTENSION IF NOT EXISTS databricks_auth;&lt;/LI-CODE&gt;&lt;P&gt;2-Added the lakehouse service principal to the lakebase project&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;SELECT databricks_create_role('{UUID}', 'SERVICE_PRINCIPAL');&lt;/LI-CODE&gt;&lt;P&gt;3- Enabled Data API to get authenticator user created&lt;/P&gt;&lt;P&gt;4- Finally granted authenticator role to the service principal&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;GRANT "{UUID}" TO authenticator;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;And this time it worked. I do not understand what the difference is to last time, maybe my authenticator user was somehow corrupted.&lt;/P&gt;&lt;P&gt;Thank you&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/210897"&gt;@balajij8&lt;/a&gt;&amp;nbsp;&amp;amp;&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/110502"&gt;@szymon_dybczak&lt;/a&gt;&amp;nbsp;for your answers and suggestions&lt;/P&gt;</description>
      <pubDate>Fri, 24 Apr 2026 19:42:38 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155467#M98</guid>
      <dc:creator>_Lilith</dc:creator>
      <dc:date>2026-04-24T19:42:38Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase login via REST for a service principal</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155459#M97</link>
      <description>&lt;P&gt;It's failing due to insufficient privileges. Can you check that you have '&lt;STRONG&gt;Can Manage&lt;/STRONG&gt;' access under Project Permissions in the Lake base project? If you have '&lt;STRONG&gt;Can Use&lt;/STRONG&gt;' access, you can ask for '&lt;STRONG&gt;Can Manage&lt;/STRONG&gt;' access or you can ask the admin to run the GRANT sequence to initialize the Service Principal&lt;/P&gt;</description>
      <pubDate>Fri, 24 Apr 2026 15:33:05 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155459#M97</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-04-24T15:33:05Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase login via REST for a service principal</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155455#M96</link>
      <description>&lt;P&gt;That is what I am using. Taking the example of the documentation what I do first is:&lt;/P&gt;&lt;P&gt;1- Create a service principal in the workspace&lt;/P&gt;&lt;P&gt;2- Add the service principal as a user in lakebase, using service principals Application ID&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;SELECT databricks_create_role('8c01cfb1-62c9-4a09-88a8-e195f4b01b08', 'SERVICE_PRINCIPAL');&lt;/LI-CODE&gt;&lt;P&gt;3- I get the mentioned error at the first step of giving permissions in the SQL editor:&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;-- Allow authenticator to assume the identity of the user
GRANT "8c01cfb1-62c9-4a09-88a8-e195f4b01b08" TO authenticator;&lt;/LI-CODE&gt;&lt;BLOCKQUOTE&gt;&lt;P&gt;&lt;EM&gt;&lt;FONT size="3"&gt;ERROR: permission denied to grant role "8c01cfb1-62c9-4a09-88a8-e195f4b01b08"&amp;nbsp;(SQLSTATE 42501)&lt;/FONT&gt;&lt;/EM&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;</description>
      <pubDate>Fri, 24 Apr 2026 14:12:25 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155455#M96</guid>
      <dc:creator>_Lilith</dc:creator>
      <dc:date>2026-04-24T14:12:25Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase login via REST for a service principal</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155451#M95</link>
      <description>&lt;P&gt;&lt;SPAN&gt;You can change the code to use the client application ID (UUID) of the service principal as the identity name and run it.&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;GRANT "UUID" TO authenticator;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 24 Apr 2026 13:06:24 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155451#M95</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-04-24T13:06:24Z</dc:date>
    </item>
    <item>
      <title>Re: Lakebase login via REST for a service principal</title>
      <link>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155449#M94</link>
      <description>&lt;P&gt;Thanks for your reply.&amp;nbsp;&lt;/P&gt;&lt;P&gt;These are the steps that I have also followed and had linked to in my question.&lt;/P&gt;&lt;P&gt;When granting permissions, the first line of the documentation fails when I use a service principal&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;-- Allow authenticator to assume the identity of the user
GRANT "{service principal user ID}" TO authenticator;&lt;/LI-CODE&gt;&lt;BLOCKQUOTE&gt;&lt;P&gt;&lt;EM&gt;&lt;FONT size="3"&gt;ERROR: permission denied to grant role "{service principal user ID}"&amp;nbsp;(SQLSTATE 42501)&lt;/FONT&gt;&lt;/EM&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 24 Apr 2026 12:25:55 GMT</pubDate>
      <guid>https://community.databricks.com/t5/lakebase-discussions/lakebase-login-via-rest-for-a-service-principal/m-p/155449#M94</guid>
      <dc:creator>_Lilith</dc:creator>
      <dc:date>2026-04-24T12:25:55Z</dc:date>
    </item>
  </channel>
</rss>

