Skip to main content

Privacera Documentation

Configure Databricks resource policies

By default, Databricks File System (DBFS) is protected by Privacera. This blocks common tasks like adding jars/libraries into the cluster. For example, when you try to install a library into a protected DBFS cluster, the following exception will be displayed:

Exception:

Exception while installing a Jar in Databricks Cluster with Plugin enabled? java.lang.RuntimeException: ManagedLibraryInstallFailed: java.security.AccessControlException: Access denied for resource [dbfs:/local_disk0/tmp/addedFile4604599454488620309privacera_crypto_jar_with_dependencies-eba20.jar] action [READ] for library:JavaJarId(dbfs:/privacera/crypto/jars/privacera-crypto-jar-with-dependencies.jar,,NONE),isSharedLibrary=false

To grant permissions to read/write on DBFS, you need to create an access policy. Access to DBFS will be audited.

To create an access policy for Databricks, do the following:

  1. Go to Access Management > Resource Policies > privacera_files.

  2. Click Add New Policy.

  3. Enter the following details:

    1. Policy Name: Access to Temporary Folder for adding libraries

    2. Resource: dbfs:/local_disk0/tmp

      Note

      Make sure the recursive box next to the Resource field is checked.

    3. Group: public

    4. Permission: read & write

Note

The above policy gives permission to all the users. If you want to restrict to only certain users, then instead of giving permission to the group public, provide it to appropriate users or groups.