Certified Data Engineer Professional Exam Questions

Certified Data Engineer Professional Exam - Question 100


The data engineering team has been tasked with configuring connections to an external database that does not have a supported native connector with Databricks. The external database already has data security configured by group membership. These groups map directly to user groups already created in Databricks that represent various teams within the company.

A new login credential has been created for each group in the external database. The Databricks Utilities Secrets module will be used to make these credentials available to Databricks users.

Assuming that all the credentials are configured correctly on the external database and group membership is properly configured on Databricks, which statement describes how teams can be granted the minimum necessary access to use these credentials?

Correct Answer: BC

In Databricks, secret scopes are used to manage and organize secrets effectively. By setting 'Read' permissions on a secret scope containing the credentials, the team is granted access to only the necessary credentials without providing additional privileges. This approach ensures that teams have the minimum necessary access and maintains a scalable and organized method of handling secrets. 'Manage' permissions would grant more access than needed, and permissions set at the secret key level lack the organizational benefits provided by secret scopes.
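The layout described above (one scope per team, 'Read' granted to that team's group) can be checked against the ACLs actually in place. The following is an added example, not part of the original page: the scope naming convention, the group names, the admin set and the sample ACL data are all assumptions constructed for illustration.

```python
# Added example: audit secret-scope ACLs against a one-scope-per-team layout.
# Assumptions: "<group>-db-creds" naming and ADMIN_PRINCIPALS are hypothetical; SAMPLE_ACLS
# is constructed, shaped like the "items" of GET /api/2.0/secrets/acls/list per scope.

ADMIN_PRINCIPALS = {"admins"}  # principals allowed to hold MANAGE (assumption)

def expected_scope(group):
    return f"{group}-db-creds"

def desired_acl_requests(teams):
    """Bodies for POST /api/2.0/secrets/acls/put: READ for each team on its own scope."""
    return [{"scope": expected_scope(g), "principal": g, "permission": "READ"} for g in teams]

def audit_scope_acls(acls_by_scope, teams):
    """Return (scope, principal, permission, reason) for every ACL deviation."""
    owner_of = {expected_scope(g): g for g in teams}
    findings = []
    for scope in sorted(set(acls_by_scope) | set(owner_of)):
        owner = owner_of.get(scope)
        if owner is None:
            findings.append((scope, None, None, "scope not mapped to a team"))
            continue
        if scope not in acls_by_scope:
            findings.append((scope, owner, None, "scope missing"))
            continue
        owner_seen = False
        for acl in acls_by_scope[scope]:
            principal, perm = acl["principal"], acl["permission"]
            if principal in ADMIN_PRINCIPALS:
                continue
            if principal != owner:
                findings.append((scope, principal, perm, "not the owning team"))
            else:
                owner_seen = True
                if perm != "READ":
                    findings.append((scope, principal, perm, "exceeds READ"))
        if not owner_seen:
            findings.append((scope, owner, None, "owning team has no ACL"))
    return findings

SAMPLE_ACLS = {  # constructed
    "finance-db-creds": [{"principal": "admins", "permission": "MANAGE"},
                         {"principal": "finance", "permission": "READ"}],
    "marketing-db-creds": [{"principal": "marketing", "permission": "MANAGE"},
                           {"principal": "finance", "permission": "READ"}],
}

if __name__ == "__main__":
    for finding in audit_scope_acls(SAMPLE_ACLS, ["finance", "marketing"]):
        print(finding)
```

On the sample data the audit reports two findings for the marketing scope: the owning group holds MANAGE instead of READ, and the finance group can read another team's credentials.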

Discussion

4 comments
Enduresoul (Option: C)
Nov 26, 2023

Answer C is correct: https://docs.databricks.com/en/security/auth-authz/access-control/secret-acl.html#secret-access-control "Access control for secrets is managed at the secret scope level"

Somesh512 (Option: C)
Jan 31, 2024

Access is at scope level and not key level

vctrhugo (Option: C)
Feb 6, 2024

In Databricks, secret scopes are used to manage and organize secrets. By setting "Read" permissions on a secret scope containing the credentials, you allow the team to access the necessary credentials without granting unnecessary privileges. This approach ensures that the teams have the minimum necessary access to the credentials required for connecting to the external database. "Manage" permissions would provide more access than needed for just using the credentials. Options A and D suggest setting permissions on individual secret keys, which might work, but using a secret scope for organizational purposes is a cleaner and more scalable solution.

petrv (Option: C)
Dec 2, 2023

In summary, while technically feasible, setting "Read" permissions on a secret key might not be the most efficient or scalable solution when dealing with multiple teams and their corresponding credentials. Using secret scopes provides a more organized and maintainable approach for managing secrets in Databricks.