This article describes how a service principal (SP) can be used to access an Azure Databricks (ADB) workspace via the REST API. The SP will be given the Contributor role, but it doesn't belong to the workspace.
A service principal defined in Azure Active Directory (Azure AD) can also act as a principal on which authentication and authorization policies can be enforced in Azure Databricks. Service principals in an Azure Databricks workspace can have different fine-grained access control than regular users (user principals) and can be used to access ADB.
1) Provision a service principal in the Azure portal.
2) Click Certificates & secrets and generate a new client secret.
Note: Secrets used in this blog have been invalidated for security reasons.
3) Assign the SP the Contributor role.
4) Get an Azure Active Directory access token
curl -X GET -H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=<client-id>&resource=<azure_databricks_resource_id>&client_secret=<application-secret>' \
https://login.microsoftonline.com/<tenant-id>/oauth2/token
6) Finally, use a management endpoint access token to access the Databricks REST API.
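The whole flow from steps 4 to 6, as an added Python example that is not part of the original post: it requests one token for the Azure Databricks resource and one for the Azure management endpoint, then sends both with the workspace resource ID on a REST call. The environment variable names and the `/api/2.0/clusters/list` call are assumptions chosen for illustration; the secret is read from the environment so it does not land in shell history or process arguments.

```python
import json
import os
import urllib.parse
import urllib.request

# Well-known resource identifiers (not taken from the original post).
DATABRICKS_RESOURCE = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"   # Azure Databricks application ID
MANAGEMENT_RESOURCE = "https://management.core.windows.net/"  # Azure management endpoint


def token_request(tenant_id, client_id, client_secret, resource):
    """Build the client-credentials token request of step 4 for one resource."""
    # urlencode escapes characters such as '&', '=' and '+' inside the secret,
    # which a hand-assembled form string would silently corrupt.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "resource": resource,
        "client_secret": client_secret,
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    # Passing data makes urllib send a POST with a form-encoded body.
    return urllib.request.Request(url, data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def api_request(workspace_url, workspace_resource_id, aad_token, mgmt_token, path):
    """Build a REST call for a service principal that is not a workspace user."""
    # workspace_resource_id has the form
    # /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Databricks/workspaces/<name>
    return urllib.request.Request(workspace_url.rstrip("/") + path, headers={
        "Authorization": f"Bearer {aad_token}",
        "X-Databricks-Azure-SP-Management-Token": mgmt_token,
        "X-Databricks-Azure-Workspace-Resource-Id": workspace_resource_id,
    })


def send(request):
    """Send a prepared request and decode the JSON response."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    env = os.environ  # hypothetical variable names, set outside the script
    creds = (env["AZ_TENANT_ID"], env["AZ_CLIENT_ID"], env["AZ_CLIENT_SECRET"])
    aad = send(token_request(*creds, DATABRICKS_RESOURCE))["access_token"]
    mgmt = send(token_request(*creds, MANAGEMENT_RESOURCE))["access_token"]
    req = api_request(env["ADB_WORKSPACE_URL"], env["ADB_WORKSPACE_RESOURCE_ID"],
                      aad, mgmt, "/api/2.0/clusters/list")
    print(json.dumps(send(req), indent=2))
```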