Databricks Guide
Satori streamlines and simplifies the process of controlling access to data in Databricks. Satori reduces the risk of data leakage caused by misconfiguring users or permissions.
Databricks Unity Catalog is designed for centralized data governance. Satori integrates with several of its features such as user management, access controls and audit logs. It only takes a few minutes to get started with Satori. Ensure that you have the following prepared in advance:
- Access to the Satori Management Console.
- The hostname of your Databricks Unity Catalog.
Configuring your Cloud Platform Account
This guide is divided into two separate cloud platform configuration flavors.
- Azure
- AWS
Azure
Perform the following steps to grant Satori access to Databricks on Azure.
Step 1 - Create a New User for Satori
Go to your Azure Databricks account and collect the following configuration details, using the instructions below:
Account Information Details
- Databricks Instance
- Account ID
- Cluster ID
Obtaining a Databricks Instance
- Log in to your Databricks account.
- Follow the instructions to obtain your databricks-instance from the link Databricks instructions.
Extracting your Account information from Databricks
To extract the relevant Account information from Databricks, perform the following steps:
- Get your Account ID - Go to the Databricks Admin console, click your username in the right-hand corner of the interface, and copy the Account ID.
- Get your Cluster ID - In the Workspace console, select a Compute, select Configuration, select Automatically Added Tags (in the Tags section), and copy the ClusterId.
Create a New Satori User
Create a new Satori user as a service principal with access to Azure Databricks:
- Provision a service principal: learn how to get an Azure AD token from the following link: Get Azure AD tokens for service principals.
- Click the Azure subscription service where Databricks is installed and go to Access control (IAM).
- Create a role assignment with the role Reader, and then select your service principal.
- In the Databricks account, go to User Management, select Service principals, and add the service principal using the clientID.
- Click on the newly created Databricks account and configure the Account Admin role in the roles section.
Step 2 - Enabling the Audit Log on your Account
Ensure that you have obtained the following configuration details:
- Application (client) ID
- Directory (tenant) ID
- Client secret’s Value
To take advantage of the Azure Databricks system tables and the associated resources, refer to the Microsoft documentation Monitor usage with system tables and enable the Audit logs module on your account using the “Enable a system schema” API.
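The following sketch shows how the three values above feed the "Enable a system schema" call. It is an added example, not Satori's or Databricks' own code. The environment variable names, the metastore ID (which this guide does not list), and the choice of the `access` schema as the one that holds the audit table are assumptions.

```python
import json
import os
import re
import urllib.parse
import urllib.request

# Well-known Azure AD application ID of the Azure Databricks resource.
DATABRICKS_RESOURCE_ID = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
HOST_RE = re.compile(r"[a-z0-9][a-z0-9.-]*\.azuredatabricks\.net")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials request for a token scoped to Azure Databricks."""
    if not GUID_RE.fullmatch(tenant_id):
        raise ValueError("tenant ID must be a GUID")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": DATABRICKS_RESOURCE_ID + "/.default",
    }).encode()
    url = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % tenant_id
    return urllib.request.Request(url, data=body, method="POST")

def build_enable_schema_request(instance, metastore_id, token, schema="access"):
    """PUT that enables one system schema (assumed: 'access' for audit logs)."""
    # Accept only a bare Azure Databricks hostname, so the bearer token is
    # never sent to a mistyped URL or to a host outside azuredatabricks.net.
    if not HOST_RE.fullmatch(instance):
        raise ValueError("unexpected Databricks instance: %r" % instance)
    if not GUID_RE.fullmatch(metastore_id) or not re.fullmatch(r"[a-z_]+", schema):
        raise ValueError("metastore ID or schema name is malformed")
    url = "https://%s/api/2.0/unity-catalog/metastores/%s/systemschemas/%s" % (
        instance, metastore_id, schema)
    return urllib.request.Request(
        url, method="PUT", headers={"Authorization": "Bearer " + token})

if __name__ == "__main__":
    env = os.environ  # secrets come from the environment, not argv or source
    with urllib.request.urlopen(build_token_request(
            env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
            env["AZURE_CLIENT_SECRET"]), timeout=30) as resp:
        token = json.load(resp)["access_token"]
    req = build_enable_schema_request(
        env["DATABRICKS_INSTANCE"], env["DATABRICKS_METASTORE_ID"], token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        print("system schema 'access' enabled, HTTP", resp.status)
```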
Step 3 - Adding a Databricks Unity Catalog to Satori
- Log in to the Satori management console https://app.satoricyber.com
- Go to the Data Stores view and click the Add Data Store button.
- Select the Databricks option.
- Now, provide an informative name for the data store, for example: Sales Data Warehouse.
- Enter the Databricks Instance of your Databricks account.
- Enter your Databricks account ID.
- Enter your Databricks Cluster ID.
- Set the Authentication type to Azure Service Principal
- Enter your Application (client) ID
- Enter your Directory (tenant) ID
- Enter your Client secret’s value
- Select your Satori Data Access Controller cloud provider
- Select your Satori Data Access Controller region
- Click the Add New Data Store button.
AWS
Perform the following steps to grant Satori access to Databricks. Go to your Databricks account and get the following configuration details:
Account Information Details
- Databricks Instance
- Account ID
- Cluster ID
Step 1 - Create a New User for Satori
Perform the following tasks to set up AWS for Databricks:
- Log in to your Databricks account.
- Follow the instructions to obtain your databricks-instance from the following Databricks instructions.
Extract the Account Information from Databricks
To extract the relevant Account information from Databricks, perform the following steps:
- Get your Account ID - Go to the Databricks Admin console, click your username in the right-hand corner of the interface, and copy the Account ID.
- Get your Cluster ID - In the Workspace console, select a Compute, select Configuration, select Automatically Added Tags (in the Tags section), and copy the ClusterId.
Creating a New Satori User in AWS
To create a new Satori user with a username and password in the AWS Databricks Admin console for accessing the Unity Catalog, perform the following tasks:
- Go to the User management view and add a new Satori user.
- Now press the Send Invite button.
- Open the email you received from Databricks and reset the password for that user. You can now generate a password.
- In the Databricks User Management, select the Satori user, then select the Roles tab and assign the Satori user the Account Admin role.
- In User management, select Groups and then select the Admin group that manages the metastore. Verify the configuration in the Metastore configuration section.
- Press the Add Members button and select the Satori user and then click the Add button.
- Go to Workspaces and select the workspace that will be used to query the metastore.
- Go to the Permissions tab and select Add Permission and then assign the Satori user as Admin to the workspace.
Step 2 - Enabling the Audit Log on your Account
To take advantage of the system tables and the associated resources on AWS, refer to the Databricks documentation Monitor usage with system tables and enable the Audit logs module on your account using the Enable a system schema API.
Step 3 - Adding a Databricks Unity Catalog to Satori
- Log in to the Satori management console https://app.satoricyber.com
- Go to the Data Stores view and click the Add Data Store button.
- Select the Databricks option.
- Now, provide an informative name for the data store, for example: Sales Data Warehouse.
- Enter the Databricks Instance of your Databricks account.
- Enter your Databricks account ID.
- Enter your Databricks Cluster ID.
- Select AWS Username / Password
- Enter the username and password that you created for Satori.
- Select your Satori Data Access Controller cloud provider
- Select your Satori Data Access Controller region
- Click the Add New Data Store button.