Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
2,037 questions
Is it possible to add a Databricks Role/Group to appRoles for OAuth 2.0(Azure AD) tokens
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 4%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Mukil Rajeev
1
Reputation point
I have configured a service principal for Azure Databricks in Azure AD as per this documentation: https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token
I am able to access Azure Databricks using an OAuth 2.0(Azure AD Access token) generated as per the above and access the data within the databricks cluster using this token.
However, I want to figure out if its possible to tie a Databricks Role/Group(if such a thing exists) for managing table and column level access as per : https://learn.microsoft.com/en-us/azure/databricks/security/access-control/table-acls/object-privileges#data-governance-model
If this is possible, I want to add the role/group to appRoles in the Service Principal's Manifest which can tie it to the OAuth 2.0 role claim as per: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
Does the above seem possible? The primary concern I have is that Databricks does not seem to have any roles that can be used to assign permissions. It does seem to have groups, but, I'm not sure if those can be added as appRoles.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
KranthiPakala-MSFT 46,437 Reputation points Microsoft Employee2020-09-09T20:48:16.077+00:00 Hi @Mukil Rajeev ,
Welcome to Microsoft Q&A platform and thank you for using this forum.
I have reached out to internal team to get additional information on this query. I will keep this thread posted as soon as I have an update from the team.
Thank you for your patience.
-
KranthiPakala-MSFT 46,437 Reputation points Microsoft Employee
2020-09-14T06:41:52.157+00:00 Hi @Mukil Rajeev ,
Just wanted to update you that I'm still waiting for a response from internal team. Will keep you posted as soon as I have an updae.
Sorry for the delay and thank you for your patience.
-
KranthiPakala-MSFT 46,437 Reputation points Microsoft Employee
2020-09-15T20:05:09.733+00:00 Hi MukilRajeev-1432,
Still I haven't received any response from internal team yet. For immediate and better assistance on this, I would suggest you to please file a support request if you have a support plan, so that a dedicated support engineer can assist you in detail about your query. And if you don't have a support plan, please do email to AzCommunity[at]microsoft[dot]com with below details.
- Email subject: <Attn - Kranthi : Microsoft Q&A Thread title>
- Thread URL: <Microsoft Q&A Thread>
- Subscription ID: <your subscription id>
Let e know here once the email is sent.
Thank you -
KranthiPakala-MSFT 46,437 Reputation points Microsoft Employee
2020-09-16T22:00:52.237+00:00 Hi MukilRajeev-1432,
Following up to see if you have got a chance to see my previous response. If so could you please share email the details requested?
Please let me know here once you have done the same.
Thank you
Sign in to comment