By default, Databricks personnel do not have access to customer workspaces or to the production multi-tenant environments. Databricks personnel may request temporary access to your workspace in order to investigate an outage, security event, or to support your deployment.
Databricks technology controls enforce the following in such scenarios:
Limited personnel can request production access to resolve an engineering support ticket or a customer-reported issue.
Time limits are set in advance to the expected duration of the support session.
You can configure workspace audit logs to review Databricks personnel access to your workspace’s resources. Logs are delivered in typically under 15 minutes.
You can choose to block access to your workspace by Databricks personnel using a feature called Customer Approved Workspace Login. When needed, you can temporarily approve access to your workspace for only the duration of the support session.
The Customer Approved Workspace Login feature allows admins to give Databricks personnel access to their workspace for a temporary session.
As an admin, go to the admin settings page.
Click the Advanced tab.
In the Access Control section, click the Workspace access for Databricks personnel toggle to switch between enabled and not enabled.
For the Enabled option, you will be prompted to set the amount of hours you would like to allow access to your workspace. Sessions can last up to 48 hours. You may also choose to always allow access.
For the Not enabled option, you must confirm that you intend to disallow workspace access for Databricks personnel.
After access is allowed, workspace admins can track the expiration time of access in the Access Control section. Admins can also choose to disallow workspace access for Databricks personnel before the expiration time is up.