By default, Databricks personnel do not have access to customer workspaces or to the production multi-tenant environments. Databricks staff may request temporary access to your workspace in order to investigate an outage, security event, or to support your deployment.
Databricks technology controls enforce the following in such scenarios:
Limited personnel can request production access to resolve an engineering support ticket or a customer-reported issue.
Time limits are set in advance to the expected duration of the support session.
You can configure workspace audit logs to review Databricks personnel access to your workspace’s resources. Logs are delivered in typically under 15 minutes.
For Databricks on AWS, you can choose to block access to your workspace by Databricks support personnel using a feature called Customer Approved Workspace Login. If needed, you can temporarily approve access to your workspace for only the duration of the support session.
The Customer Approved Workspace Login feature allows admins to give Databricks engineers and support staff access to their workspace for a temporary session.
As an admin, go to the admin settings page.
Click the Workspace Settings tab.
In the Access Control section, click the Workspace access for Databricks Support toggle.
Set the amount of hours you would like to allow access to your workspace. Sessions can last up to 48 hours. You can also choose to always allow access.
After access is turned on, workspace admins can track the expiration time of access in the the Workspace Settings tab. They can also disable the workspace access before the expiration time is up.