Skip to content

Databricks for Azure Guide

Screenshot

Learn more about the benefits of Satori for Databricks and Schedule a demo

Satori streamlines and simplifies the process of controlling access to data in Databricks. Satori reduces the risk of data leakage caused by misconfiguring users or permissions.

Databricks Unity Catalog is designed for centralized data governance. Satori integrates with several of its features such as user management, access controls and audit logs.

It only takes a few minutes to get started with Satori. Ensure that you have the following prepared in advance:

  • Access to the Satori Management Console.
  • The hostname of your Databricks Workspace.

Configuring your Databricks Account

To grant Satori access to Databricks on Azure, go to your Databricks account and get the following configuration details:

Extract the Account Information from Databricks

To extract the relevant Account information from Databricks, perform the following steps:

  1. Get your Databricks Instance - Login to your Databricks account and follow the instructions to obtain your databricks-instance from the Databricks instructions. For example: adb-1234567897114720.0.azuredatabricks.net.
  2. Get your Account ID - Go to the Databricks Admin Console, click on your username located in the right hand corner of the interface and copy the Account ID. for example: 785811f2-fd73-4995-9d34-a2bdf1723485.
  3. Get your SQL Warehouses ID - In the Workspace console select the SQL Warehouse tab and copy the ID value. For example: 92748d3f4d1346af.

Note: Satori recommends provisioning a dedicated SQL warehouse for the Satori workload, a minimal SQL Classic instance is sufficient.

Creating a New Satori Service Principal in Databricks

  1. Create a new Satori Service Principal to manage your Databricks instance. Go to the User Management view, select the Service Principals tab, add a new Satori Service Principal. Satori supports both Databricks managed and Microsoft Entra ID managed service principals.
  2. Microsoft Entra ID managed service principals only: to provision a Service Principal in Azure portal and get Microsoft Entra ID tokens use following instructions.
  3. Databricks managed service principals only: Generate an OAuth secret. Select the newly created service principal and click the generate secret button. (Copy the secret and Application (client) ID for your Satori configuration)
  4. In the Databricks Account go to User Management and select Service Principals section and add the Service Principal using the clientID (UUID).
  5. Identify which group manages the metastore. This configuration is located in the Metastore configuration section in the Catalog view.
  6. In the Databricks User Management view, select the Groups tab and add the Satori Service Principal to the group identified in the previous step.
  7. Go to the Workspace view and select your Workspace, click the Permissions Tab and click the Add Permissions button. Now add the Admin permission to the Satori Service Principal.
  8. Go to the Databricks Workspace and click on the SQL Warehouses view. Now locate the Satori Warehouse and grant the Satori Service Principle permission by selecting the Can Use option. (Copy the warehouse ID for your Satori configuration).

Databricks Information Configuration Checklist

Ensure that you have obtained the following details:

  • Databricks Instance
  • Account ID
  • SQL Warehouse ID
  • Application (client) ID (Satori service principal).
  • Client Secret Value (Satori service principal).
  • Directory (tenant) ID (Microsoft Entra ID managed service principals only)

Enabling the Audit Log on your Account

To take advantage of the Azure Databricks system tables and the associated resources, refer to the Microsoft documentation Monitor usage with system tables and enable the Audit logs module on your account using the Enable a system schema API.

Configuring your Satori Data Store

Screenshot

  1. Login to the Satori Management Console.
  2. In the Data Stores view, click the plus button to Add a New Data Store.
  3. Select the Databricks option.
  4. Now, provide an informative name for the data store, for example: Sales Data Warehouse.
  5. Enter the Databricks Instance of your Databricks account.
  6. Enter your databricks Account ID.
  7. Enter your databricks SQL Warehouse ID.
  8. Select the Authentication type:
  9. Use Entra ID service principal for Microsoft Entra ID managed service principals
  10. Use Databricks service principal for Databricks managed service principals
  11. Enter your Application (client) ID
  12. Enter your Directory (tenant) ID (Microsoft Entra ID managed service principals only)
  13. Enter your Client Secret’s value
  14. Choose a Data Access Controller to use for this data store by selecting the Cloud provider and Region.
  15. Click the Add New Data Store button.
  16. You will be redirected to the Data Stores list view

Testing your Databricks Integration

  1. Go to your newly created Databricks instance and select the Integartion Tab.
  2. Click the Test Connection button.

Screenshot