Skip to content

Using JWT for User Identification in Databricks Cluster with FGAC

Pre Read

You should read how Privacera uses JWT for authentication before proceeding with this topic.

Prerequisites

Make sure your administrator as configured your cluster with the required settings as mentioned in the Configuring Databricks Cluster FGAC with JWT section.

This section is applicable for both Self Managed and PrivaceraCloud deployments. It describes how to use JWT for user identification in Databricks clusters with FGAC.

JWT token overrides the logged-in user identity.

Using JWT authentication is only recommended for job clusters

When you are using Databricks Notebook or DatabricksSQL with FGAC, then it is not possible to pass custom Spark Configuration for each user session. So when the token is added to the file system and the configuration is set at the cluster level, then all users will be treated as the user in the JWT token.

  1. Set the following configuration while creating the Databricks cluster:

    Properties
    1
2
    spark.hadoop.privacera.jwt.oauth.enable true
spark.hadoop.privacera.jwt.token /tmp/jwttoken.dat

  2. You can copy the JWT token file to Spark cluster using the following steps:

    Python
    1
2
3
4
5
    file_path="/tmp/ptoken.dat"
token="<jwt_token>"
file1 = open(file_path,"w")
file1.write(token)
file1.close()

Comments