This article describes how a service principal can be used to access DB workspace via rest api . SP will be given contributor role but its added to workspace as non-admin.
Service principal defined in Azure Active Directory (Azure AD) can also act as a principal on which authentication and authorization policies can be enforced in Azure Databricks. Service principals in an Azure Databricks workspace can have different fine-grained access control than regular users (user principals) and be used to access ADB.
ii) Add SP to the group
iii) Confirm it gets added .
Service principal defined in Azure Active Directory (Azure AD) can also act as a principal on which authentication and authorization policies can be enforced in Azure Databricks. Service principals in an Azure Databricks workspace can have different fine-grained access control than regular users (user principals) and be used to access ADB.
1) Provision a service principal in Azure portal as below
2) Click Certificates & secrets and generate a new client secret.
Note :- Secrets used in this blog have been invalidated for security reasons.
3) Assign the SP contributor role.
4) Get an Azure Active Directory access token
curl -X GET -H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=<client-id>&resource=<azure_databricks_resource_id>&client_secret=<application-secret>' \
https://login.microsoftonline.com/<tenant-id>/oauth2/token
5) Decide group to which SP will be added and fire rest API to add SP to group .
i) Group 7 is empty
ii) Add SP to the group
iii) Confirm it gets added .
6) Finally use a Azure Active Directory access token to access the Databricks REST API
