Data access configuration

This article describes the data access configurations performed by Databricks administrators for all SQL endpoints using the UI.

To configure all SQL endpoints using the REST API, see Global SQL Endpoints API.

Important

Changing these settings restarts all running SQL endpoints.

For a general overview of how to enable access to data, see Databricks SQL security model and data access overview.

Requirements

You must be a Databricks administrator to configure settings for all SQL endpoints.

Configure an instance profile

To configure all endpoints to use an AWS instance profile when accessing AWS storage:

  1. Click User Settings Icon Settings at the bottom of the sidebar and select SQL Admin Console.
  2. Click the SQL Endpoint Settings tab.
  3. In the Instance Profile drop-down, select an instance profile. If there are no profiles:
    1. In a new browser tab, click the sidebar persona switcher to select Data Science & Engineering.
    2. Go to the admin console.
    3. Configure an instance profile.
    4. Go back to the SQL Admin Console browser tab and select the instance profile you just created.
  4. Click Save.

Warning

  • If a user does not have permission to use the instance profile, all endpoints the user creates will fail to start.
  • If the instance profile is invalid, all SQL endpoints will become unhealthy.

Configure data access properties

To configure all endpoints with data access properties:

  1. Click User Settings Icon Settings at the bottom of the sidebar and select SQL Admin Console.

  2. Click the SQL Endpoint Settings tab.

  3. In the Data Access Configuration textbox, specify key-value pairs containing metastore properties.

    Important

    To set a Spark configuration property to the value of a secret without exposing the secret value to Spark, set the value to {{secrets/<secret-scope>/<secret-name>}}. Replace <secret-scope> with the secret scope and <secret-name> with the secret name. The value must start with {{secrets/ and end with }}. For more information about this syntax, see Path value.

  4. Click Save.

Supported properties

The following properties are supported for SQL endpoints. For an entry that ends with *, all properties within that prefix are supported. For example, spark.sql.hive.metastore.* indicates that both spark.sql.hive.metastore.jars and spark.sql.hive.metastore.version are supported, as well as any other properties that start with spark.sql.hive.metastore.

For properties whose values contain sensitive information, you can store the sensitive information in a secret and set the property’s value to the secret name using the following syntax: secrets/<secret-scope>/<secret-name>.

  • spark.databricks.hive.metastore.glueCatalog.enabled
  • spark.sql.hive.metastore.*
  • spark.sql.warehouse.dir
  • spark.hadoop.aws.region
  • spark.hadoop.datanucleus.*
  • spark.hadoop.fs.*
  • spark.hadoop.hive.*
  • spark.hadoop.javax.jdo.option.*
  • spark.hive.*
  • spark.hadoop.aws.glue.*
  • spark.databricks.cloudfetch.override.enabled

For details on how to set these properties, see External Hive metastore and AWS Glue data catalog.