Enterprise Databricks controls
Identity propagation, Unity Catalog enforcement, approvals, audit lineage, durable state, cost controls, secret handling, and deployment hardening.
Fabric Harness adds runtime controls around Databricks calls. Those controls are defense in depth: Unity Catalog and Databricks resource permissions remain authoritative.
Identity modes
| Mode | Use | Fabric API |
|---|---|---|
| App service principal | Databricks Apps and unattended production workloads | appServicePrincipalFromEnv() |
| OAuth M2M | External services acting as one application | databricksIdentity({ kind: 'service-principal' }) |
| On-behalf-of user | Preserve the signed-in user's grants | onBehalfOfFromHeaders() |
| Personal access token | Local development or controlled single-user testing | kind: 'pat' |
Token providers are resolved at call time and refresh before expiry. Identity labels, not tokens, are placed in actors, submissions, lineage, and cost records.
For Databricks Apps ingress, use databricksAppsOidcAuthenticator() as the Node server
authenticate hook. It validates workspace JWT signatures, issuer, audience, expiry, and signing-key
rotation before mapping the forwarded user email to both the Fabric actor and Unity Catalog
principal. See Authentication and RBAC.
Enforcement flow
Controls to configure
- Use a least-privilege service principal or a user OBO token for each request.
- Restrict outbound network policy to the workspace host and any explicitly required services.
- Add catalog allowlists as defense in depth; do not treat them as a substitute for UC grants.
- Route write and execute tools to a data-steward approval audience.
- Persist sessions, submissions, and streams in Lakebase for restart recovery.
- Send governed tool lineage to an audit sink, MLflow, OpenTelemetry, or Lakebase telemetry tables.
- Apply estimated and actual-cost tenant budgets, then reconcile against system-table usage.
- Keep secrets in Databricks App resources, environment-backed secret references, or an external secret manager. Never put credentials in prompts, tool inputs, or lineage labels.
- Build with provenance and SBOM output, inspect the v2 manifest, and require an API token on production artifact routes.
Lakebase credential exchange
lakebaseClient() does not use a workspace OAuth token as the Postgres password. It exchanges the
workspace token for a database credential using the endpoint resource name, refreshes that credential
early with jitter, single-flights concurrent refreshes, and supplies it to the connection pool.
const app = databricksApp();
const server = await startDevServer({
host: '0.0.0.0',
port: Number(process.env.DATABRICKS_APP_PORT ?? 8080),
...(await app.serverOptions()),
});serverOptions() injects the Lakebase session, submission, and conversation-stream stores into the
shared Node server. See Lakebase for configuration.
Databricks connectors and sandboxes
Choose between the Databricks SQL sandbox, Unity Catalog Volume connectors, workspace sources, attachment storage, and general-purpose compute sandboxes.
Workspace compatibility
Evidence-based Databricks cloud, region, authentication, API, App, Lakebase, and runtime compatibility.