Narrator just needs a personal access token to connect. This can be done either though an existing user, or with a service principal.
Option 1: Service Principal (cannot be done through the user interface)
- create a new service principal for Narrator to connect
- grant the can use token permission to it
- Create a Databricks personal access token on behalf of the service principal using the POST
/token-management/on-behalf-of/tokens operationAPI in the token management REST API.
Option 2: User
- Navigate to your Account Console
- create a new user, or identify an existing user Narrator can connect as
- generate a personal access token (see below)
Additional resources can be found in the following documentation
- Navigate to your Databricks workspace and click the
Settings Iconin the lower-left corner as shown below. Then go to your
- Navigate to the
Access Tokenstab and click on
Generate New Tokenas shown below.
go to SQL > Create > SQL warehouse if it hasn't been created
Navigate to your Databricks workspace and click the
SQL Endpoints iconpresent in the sidebar.
Choose an endpoint where you want to connect.
Navigate to the
Connection Detailstab and copy the
HTTP Pathdetails as shown below.
Narrator's Public Key
Navigate to the Narrator warehouse settings page and enter the credentials to connect your warehouse
If connecting doesn't work ensure the user has
databricks-sql-accesspermissions. It should be granted by default
Narrator needs the proper permissions to query source tables and manage its activity stream.
Here's how Narrator works with the warehouse
- We have full access to one schema, called
narratorby convention, where we create and update the activity stream tables, enrichment tables, materialized views, etc
- We have readonly access to any schemas we need to query to build the activity stream
narrator_mv schemas and grant all privileges to the narrator user
CREATE SCHEMA narrator; GRANT ALL PRIVILEGES ON SCHEMA narrator TO `...`; CREATE SCHEMA narrator_mv; GRANT ALL PRIVILEGES ON SCHEMA narrator_mv TO `...`;
ALL PRIVILEGESseems like too much grant
SELECT, CREATE, MODIFY, USAGE, READ_METADATA
Grant select on all source data schemas Narrator will need to access
GRANT USAGE, READ_METADATA, SELECT ON SCHEMA <schema_name> TO `...`
Updated about 1 year ago