Azure Databricks - Access via Credentials Passthrough

asked 2022-06-10T19:24:41.377+00:00
Gopinath Rajee 561 Reputation points

All,

When Clusters in the Workspace are configured to for "Credentials Passthrough", the users of the cluster can access the ADLS GenV2 Storage Account he has access to. Which is good since we dont have to provision anything else for him/her to access datalake data but at the same time it is a problem since the user can access any Storage Accounts that the user has access to.

So, given a cluster, how do we ensure that the user has access to only certain Storage Accounts via the cluster even though the user might have access to lot of other storage accounts as well?

Thanks,
grajee

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
891 questions
Azure Databricks
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
1,199 questions
{count} votes

Accepted answer
  1. answered 2022-06-13T11:12:16.16+00:00
    PRADEEPCHEEKATLA-MSFT 53,006 Reputation points Microsoft Employee

    Hello @Gopinath Rajee ,

    Thanks for the question and using MS Q&A platform.

    You'd have to block access to those storage accounts via networking rules.

    If I have permissions to storage, and a machine that can access it. I guess I'm not even sure this is a problem, what's the point of being able to access storage only through certain machines?

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
    No comments

0 additional answers

Sort by: Most helpful