Add Service principal (Azure AD Application) to Databricks

  1. Create a group "protecto_group" in Databricks.

  2. Add the service principal that was created in step 1, with the display name "protecto_user". Reference link: Adding Service Principal to Databricks.

  3. Add "protecto_user" to the "protecto_group".

List of accesses needed in Databricks:

  • Grant the "SELECT", "USAGE" and "READ_METADATA" privileges on all catalogs, databases (or schemas) and tables to "protecto_group".

  • Create a medium-sized SQL warehouse for Protecto and give the "can manage" permission to "protecto_group".

  • Grant the "can manage" permission to "protecto_group" on all SQL warehouses that the Protecto application needs to analyze. This is required to retrieve access logs (audit logs).
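One way to check the first item in the access list after setup, as an added example that is not Protecto's or Databricks' own code: it compares the privileges held by "protecto_group" on each database with the three privileges listed above and reports anything missing or extra. The row shape (principal, privilege, object type, object name), the database names and the `audit_grants` helper are assumptions made for illustration; the rows would come from your own export of the workspace's grants.

```python
"""Audit grant rows for protecto_group against the privileges this page lists."""
from collections import defaultdict

GROUP = "protecto_group"
REQUIRED = {"SELECT", "USAGE", "READ_METADATA"}  # from the access list above

# Constructed sample rows: (principal, privilege, object type, object name).
# The database names are made up; this row shape is an assumption.
SAMPLE_ROWS = [
    ("protecto_group", "SELECT", "DATABASE", "sales"),
    ("protecto_group", "USAGE", "DATABASE", "sales"),
    ("protecto_group", "READ_METADATA", "DATABASE", "sales"),
    ("protecto_group", "SELECT", "DATABASE", "hr"),
    ("protecto_group", "USAGE", "DATABASE", "hr"),
    ("protecto_group", "MODIFY", "DATABASE", "hr"),   # broader than required
    ("analysts", "MODIFY", "DATABASE", "sales"),      # other principal, ignored
]


def audit_grants(rows, expected_objects, group=GROUP, required=REQUIRED):
    """Return {object: {"missing": [...], "extra": [...]}} for deviating objects.

    expected_objects lists every database the group should be able to read,
    so a database with no grant rows at all is still reported.
    """
    held = defaultdict(set)
    for principal, privilege, _object_type, object_name in rows:
        if principal == group:
            held[object_name].add(privilege.upper())

    findings = {}
    for obj in sorted(set(expected_objects) | set(held)):
        missing = sorted(required - held[obj])
        extra = sorted(held[obj] - required)
        if missing or extra:
            findings[obj] = {"missing": missing, "extra": extra}
    return findings


if __name__ == "__main__":
    report = audit_grants(SAMPLE_ROWS, ["sales", "hr", "finance"])
    for obj, finding in report.items():
        print(obj, finding)
```
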
