...
The LHO Agent has access to the configuration of a Databricks entity (e.g. Workflow, Job), and that configuration identifies the Secret Scope container where credentials are stored. Any entity has access to the Databricks Secrets service.
What permissions are required for the telemetry agent to read/write data from/to Azure Blob Storage?
The telemetry collector agent uses the configured Service Principal to identify itself and securely write to the Azure Blob Storage container.
How does the telemetry agent communicate with the LHO App for real-time telemetry data analysis? (7)
The LHO Agent stores telemetry data in cloud storage, in the Azure Tables of the configured Azure Storage account, and sends events (e.g. Spark job completed or finished events) to the Azure Queue configured on the Storage Account that also saves the telemetry data.
...
Access to cloud storage via Access Key can be disabled and the LHO App configured to use a Service Principal to access cloud storage. The LHO Service Principal requires the Storage Queue Data Contributor and Storage Table Data Contributor roles at the level of the Storage Account used by the LHO Agent. This allows the LHO App to read data from the Storage Account's Queue and the LHO Agent to write data to this queue. (8)
The Storage Queue Data Contributor and Storage Table Data Contributor roles must be granted manually to the LHO Service Principal on the Storage Account used by the LHO Agent.
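One way to perform the manual grant described above with the Azure CLI, as an added example that is not part of the LHO documentation. The subscription, resource group, storage account name and Service Principal object ID are placeholders (assumptions), and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. Every ID and name below is a placeholder (assumption).
set -eu

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP:-example-rg}"
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-examplelhostorage}"
SP_OBJECT_ID="${SP_OBJECT_ID:-11111111-1111-1111-1111-111111111111}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

# Resource ID of the Storage Account: the scope the roles are assigned at.
storage_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$STORAGE_ACCOUNT"
}

# Print the command (quoting arguments that contain spaces) or run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    line=""
    for arg in "$@"; do
      case "$arg" in *" "*) arg="'$arg'" ;; esac
      line="$line$arg "
    done
    printf '%s\n' "${line% }"
  else
    "$@"
  fi
}

# Grant both data-plane roles to the LHO Service Principal.
grant_lho_roles() {
  for role in "Storage Queue Data Contributor" "Storage Table Data Contributor"; do
    run az role assignment create --assignee-object-id "$SP_OBJECT_ID" \
      --assignee-principal-type ServicePrincipal \
      --role "$role" --scope "$(storage_scope)"
  done
}

# Turn off Access Key (shared key) authentication on the Storage Account.
disable_access_key() {
  run az storage account update --name "$STORAGE_ACCOUNT" \
    --resource-group "$RESOURCE_GROUP" --allow-shared-key-access false
}

# Grant roles first so the Service Principal works before keys are disabled.
grant_lho_roles
disable_access_key
```

Review the printed commands against your own subscription and resource names before running with `DRY_RUN=0`.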
...