Prerequisites for creating Azure SQL Warehouse Connection with PAT authentication
Prerequisites for creating Azure SQL Warehouse Connection with for OAuth Connection
Working with Databricks SQL warehouse with Personal Token and OAuth
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Note
|
Prerequisites for creating Azure SQL Warehouse Connection with PAT authentication
Anchor | ||||
---|---|---|---|---|
|
Before creating an Azure SQL Warehouse connection without Spark, complete the following prerequisites.
Unity Catalog must be enabled on your Databricks cluster.
In Unity Catalog, create storage credentials and an external location with appropriate access permissions for both the source and destination locations. You must have permission to create storage credentials and external locations.
To create storage credentials, first, create an access connector for Azure Databricks. Assign that access connector while creating storage credentials.
Grant the managed identity access to the storage account. You must have the Owner or User Access Administrator Azure RBAC role to grant permission to access your storage account.
Log in to your Azure Data Lake Storage Gen2 account.
Go to Access Control (IAM), click + Add, and select Add role assignment.
Select the Storage Blob Data Contributor role and click Next.
Under Assign access, select a Managed identity.
Click +Select Members, and select Access connector for Azure Databricks or User-assigned managed identity.
Search for your connector name or user-assigned identity, select it, and click Review and Assign.
Fetch the ABFSS path till the parent directory of your respective storage account.
On the Unity Catalog page, go to external locations and create a new external location by providing an external location name, newly created Storage credential, and fetched ABFSS URL. The URL format should be in abfss://my-container-name@my-storage-account.dfs.core.windows.net/<path>
Test the newly created external location by clicking the 'Test connection' button. This will validate the connection with the external location path. Through the permissions tab, assign your user the CREATE EXTERNAL TABLE role.
Go to semantic model Advanced Properties, and add the following properties:
temp catalog name for create parquet table = kyvos.sqlwarehouse.catalog
temp database name for create parquet table = kyvos.sqlwarehouse.tempdb
You must have 'create table and Use schema' permissions on the temp catalog.
...
Prerequisites for creating Azure SQL Warehouse
...
Connection with for OAuth Connection
Anchor | ||||
---|---|---|---|---|
|
To create Azure Databricks SQL Warehouse connection for processing semantic models without Spark, perform the following steps.
From the Toolbox, click Connections.
From the Actions menu ( ⋮ ) click Add Connection.
Enter the following details:
...
Parameter/Field
...
Comments/Description
...
Name
...
Enter a unique name for the connection.
...
Category
...
Select the Warehouse option. There may be more than one warehouse connection.
...
Provider
...
Select DATABRICKSSQL from the list.
...
Driver class
...
This field will be auto populated. The Driver class (com.databricks.client.jdbc.Driver ) is required to connect to the Azure SQL Warehouse.
...
URL
In the URL field, enter the Databricks SQL Warehouse JDBC URL.
with OAuth, you need to complete the following prerequisites.
Create a Service Principal
Go to the user profile, click Settings, then Identity and Access. Under Service Principal [Manage], click Add Service Principal, and note generated Application ID or Client ID; this will be OAuth2ClientId.
Generate a secret for this Service Principal and note it down as it is OAuth2Secret.
Grant required permissions for Databricks SQL Warehouse cluster:Add the service principal with the permission "CAN MANAGE".
Prepare the JDBC URL:
Get the JDBC URL from the cluster's JDBC tab. For example, if the JDBC URL is:
Code Block |
---|
jdbc:databricks://adb-650081446221384.4.azuredatabricks.net:443/default;transportMode=http;ssl=1;httpPath=sql/protocolv1/o/650081446221384/0809-080132-671a9aak;AuthMech=3;UID=token;PWD=<personal-access-token> |
Change the URL as follows (change AuthMech=11 and add Auth_Flow=1 to the parameters):
Code Block |
---|
jdbc:databricks://adb-650081446221384.4.azuredatabricks.net:443/default;transportMode=http;ssl=1;AuthMech=11;httpPath=sql/protocolv1/o/650081446221384/0809-080132-671a9aak;Auth_Flow=1 |
Grant Permission to process semantic model using the above connection: To process semantic models using the above connection, grant permission on the external location (create an external location if it does not already exist for the storage account being used in your environment, such as "dev_testing"). For this service principal:
Click Catalog.
Click the Settings icon.
Click the Storage Location Name.
Create external table and write files access
Assign a role for Databricks SQL Warehouse connection:
Just as a role is assigned in the case of the Databricks SQL Warehouse connection, you need to add the "Storage Blob Data Contributor" role assignment for the above service principal on the storage account:Go to the Azure portal.
Go to the storage account, click Access Control (IAM).
Add a role assignment, select Storage Blob Data Contributor.
Select Managed Identity, choose the appropriate subscription [Dev-Enterprise or QA Enterprise], select the required managed identity, enter the Databricks connector name and Save.
Add the following properties to semantic model Advanced Properties:
kyvos.sqlwarehouse.catalog = <catalog name for temporary tables created while cubes building>
kyvos.sqlwarehouse.tempdb = <temporary database for temporary tables created while cubes building>
For more detail about Authentication settings for the Databricks JDBC Driver, refer to AWS documentation.
Working with Databricks SQL warehouse with Personal Token and OAuth
Anchor | ||||
---|---|---|---|---|
|
Creating Databricks SQL Warehouse connection with Personal Token
Anchor | ||||
---|---|---|---|---|
|
From the Toolbox, click Setup, then choose Connections.
From the Actions menu ( ⋮ ), click Add Connection.
Enter a Name for the connection.
From the Category drop-down list, select the Warehouse option.
From the Provider list, select the DatabricksSQL option.
The Driver Class field is prepopulated.
Enter Databricks SQL Warehouse JDBC URL. For more information, see Microsoft documentation.
...
Select OAuth from the Personal Access Token list.
Enter
...
Username as token.
...
Password
Enter Databricks SQL Personal Access
...
Token for the Databricks SQL workspace in the Password field.
The Use as Source
...
checkbox
...
Is default SQL Engine
...
By default, the checkbox is selected as this connection can only be used to read data (creating datasets) on which the semantic model will be created.
...
Catalog Enabled
...
Select this checkbox to list different catalog created in the workspace.
...
Properties
...
is disabled as this is a source connection.
To use this connection as the default SQL engine, select the Is Default SQL Engine checkbox.
Select the Catalog Enabled checkbox. It is mandatory to enabled it for Databricks SQL.
Click the Properties link to view or set properties.
After configuring the settings, click the Save button.
To refresh connections, click the Actions menu ( ⋮ ) at the top of the Connections column and select Refresh.
...
Creating Databricks SQL Warehouse connection with OAuth
Anchor | ||||
---|---|---|---|---|
|
You can create Databricks SQL Warehouse connection with OAuth machine-to-machine (M2M) authentication type. See Prerequisites for more details.
Creating Databricks SQL Warehouse connection with OAuth
Anchor | ||||
---|---|---|---|---|
|
From the Toolbox, click Setup, then choose Connections.
From the Actions menu ( ⋮ ), click Add Connection.
Enter a Name for the connection.
From the Category drop-down list, select the Warehouse option.
From the Provider list, select the DatabricksSQL option.
The Driver Class field is prepopulated.
Enter Databricks SQL Warehouse JDBC URL. For more information, see Microsoft documentation.
Select OAuth from the Authentication Type list. Upon selecting this option, the Client ID and Client Secret fields are displayed.
In the Client ID field, enter the value of the service principal’s Application ID, Client ID, or OAuth2ClientId.
In the Client Secret field, enter the value of the secret created for the above service principal or the OAuth2ClientId.
The Use as Source checkbox is disabled as this is a source connection.
To use this connection as the default SQL engine, select the Is Default SQL Engine checkbox.
Select the Catalog Enabled checkbox. It is mandatory to enabled it for Databricks SQL.
Click the Properties link to view or set properties.
After
...
configuring the settings
...
If the connection is valid, click the Save button.
...
, click the
...
Save button.
To refresh connections, click the Actions menu ( ⋮ ) at the top of the Connections column and select Refresh.
...
Connection Details in Kyvos for Sanity Suite
Anchor | ||||
---|---|---|---|---|
|
...
Parameter | Description |
---|---|
Name | Enter SanityConnection as a name. |
Category | Select the Warehouse option. |
Provider | Select the Generic option. |
Driver | Enter the Driver class as com.databricks.client.jdbc.Driver |
URL | Enter URL as: jdbc:databricks://adb-650081446221384.4.azuredatabricks.net:443/default;transportMode=http;ssl=1;AuthMech=3;httpPath=/sql/1.0/warehouses/3bc903419b85ed62 JDBC Databricks URL. |
Username | Enter Databricks token. |
Password | Enter Databricks token. |
Authentication Type | Select the Snowflake option. |
Spark ReadMethod | Select JDBC |
Schema Enabled | Select this checkbox to enable schemaPersonal Access Token. |
Use as Source | This checkbox is auto selected. Enter Spark Read Method as JDBC. |
Is Default SQL Engine | To enable the connection for raw data, click the Is Default SQL Engine checkbox to set this connection to run the default SQL engine. |
Properties | Click Properties to view or set properties. |
Catalog Enabled | Select this checkbox to list different catalog created in the workspace. |