Exam: Certified Data Engineer Professional
Question 153

The data engineering team has been tasked with configuring connections to an external database that does not have a supported native connector with Databricks. The external database already has data security configured by group membership. These groups map directly to user groups already created in Databricks that represent various teams within the company.

A new login credential has been created for each group in the external database. The Databricks Utilities Secrets module will be used to make these credentials available to Databricks users.

Assuming that all the credentials are configured correctly on the external database and group membership is properly configured on Databricks, which statement describes how teams can be granted the minimum necessary access to use these credentials?

    Correct Answer: C

    To grant teams the minimum necessary access to the credentials, set 'Read' permissions on a secret scope containing only those credentials that will be used by a given team. Configuring the secret scope at the team level restricts access to the appropriate group, so the credentials are accessible only to the correct users. This approach follows the principle of least privilege and aligns with security best practices.
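
The per-team layout described above, as an added example (not part of the exam page and not Databricks' own code): it builds the Secrets REST API 2.0 calls for one scope per team and audits ACL listings for anything beyond that team's READ. The group and scope names, the `secrets-admins` group and the sample listings are constructed assumptions.

```python
# Constructed mapping: Databricks group -> secret scope holding only that
# group's external-database credential.
TEAM_SCOPES = {"finance": "finance-extdb", "marketing": "marketing-extdb"}
ADMINS = {"secrets-admins"}  # hypothetical group allowed MANAGE on every scope


def build_plan(team_scopes):
    """Ordered Secrets API 2.0 calls: one scope per team, READ for that team only."""
    plan = []
    for group, scope in sorted(team_scopes.items()):
        plan.append(("/api/2.0/secrets/scopes/create", {"scope": scope}))
        plan.append(("/api/2.0/secrets/acls/put",
                     {"scope": scope, "principal": group, "permission": "READ"}))
    return plan


def audit_acls(team_scopes, acls, admins=ADMINS):
    """Return (scope, principal, reason) for every ACL entry beyond least privilege.

    acls maps scope -> the "items" list from /api/2.0/secrets/acls/list.
    ACLs apply to a whole scope, so any reader can fetch every secret in it.
    """
    owner = {scope: group for group, scope in team_scopes.items()}
    findings = []
    for scope, items in sorted(acls.items()):
        for item in items:
            who, perm = item["principal"], item["permission"]
            if who in admins:
                continue
            if who != owner.get(scope):
                findings.append((scope, who, "principal is not the scope's team"))
            elif perm != "READ":
                findings.append((scope, who, f"{perm} exceeds READ"))
    return findings


# Constructed ACL listings: a shared scope (weak) and the per-team layout.
SHARED = {"extdb-all": [{"principal": "finance", "permission": "READ"},
                        {"principal": "marketing", "permission": "READ"}]}
PER_TEAM = {"finance-extdb": [{"principal": "finance", "permission": "READ"},
                              {"principal": "secrets-admins", "permission": "MANAGE"}],
            "marketing-extdb": [{"principal": "marketing", "permission": "MANAGE"}]}

if __name__ == "__main__":
    for endpoint, body in build_plan(TEAM_SCOPES):
        print("POST", endpoint, body)
    for finding in audit_acls(TEAM_SCOPES, SHARED) + audit_acls(TEAM_SCOPES, PER_TEAM):
        print("FINDING", finding)
```

Because the ACL is attached to the scope rather than to individual secrets, the shared scope is flagged for both groups even though each entry is only READ.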

Discussion
hpkr (Option: C)

C is correct. Read permission on secret scope should work here.

Freyr (Option: C)

Correct Answer: C. This option is the best practice for managing access to sensitive data. By creating a secret scope dedicated to each team and setting "Read" permissions on the scope, you ensure that only the intended team members can access their respective credentials. This method aligns with security best practices by tightly controlling access based on group membership and reducing the risk of unauthorized access.

MDWPartners (Option: C)

Seems C