Getting Started

Add Service principal (Azure AD Application) to Databricks

  1. 1.
    Create a group "protecto_group" in databricks.
  2. 2.
    Add service principal which was created in step 1 with the display name "protecto_user". Reference link: Adding Service Principal to databricks.
  3. 3.
    Add "protecto_user" to the "protecto_group
List of accesses needed in Databricks:
  • Grant "SELECT", "USAGE", “READ_METADATA” privilege for all catalogs, databases (or schemas) and tables for "protecto_group".
  • Create medium sized sql warehouse for Protecto and give "can manage" permission for "protecto_group".
  • Grant “can manage” permission to “protecto_group” in all SQL warehouses on which the Protecto application needs to analyze. This is required to retrieve access logs (audit logs).