Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Let’s assume we want to grant access to 👩‍💻 Angela to login and use LHO.

Table of Contents

I. Configure LHO App Login and Role Delegation

Active Directory authentication is configured automatically on installation. 

...

Based on how the Service Principal was configured, if the “Assigned required?” is set to “Yes”, then you will have to manually add user Angela to this app. If you “Assigned required?” is set to “No”, you can share the LHO url with any Azure AD tenant user for access, each user will be authorized by the Azure Management API for listing subscriptions and workspaces in Azure, and then by Databricks for all access inside the workspaces.

Please proceed to the following step

...

Note

If there are NO roles defined in the Service Principal App, then any signed in user in LHO is considered LHO Admin.

image-20240122-144437.png

II. Grant Rights for Listing Databricks Workspaces

Once the previous section is complete, Angela is now able to successfully long to LHO via Active Directory authentication.

...

For how to create this custom role, please see:

image-20240122-151144.pngimage-20240122-151159.png

(5) Select Role BplmDatabricksReader

...

Info

Once this section is complete, Angela will be able to see the names of all Databricks Workspaces that are published in LHO for the selected subscription in which she was just added.

III. Grant Access to Databricks Content

Info

This next section is required if Angela is not already a Databricks user.

...