Azure Databricks groups are not reviewed periodically
- Contextual name: Databricks groups are not reviewed periodically
- ID: /ce/ca/azure/databricks/groups-reviewed-periodically
- Tags:
  - Impossible policy
  - Policy with categories
  - Policy with type
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Description
Azure Databricks groups are used with role-based access control to assign permissions to users and service principals. These assignments should be reviewed periodically to confirm that access remains appropriate.
Rationale
Regular access reviews reduce the risk of stale or excessive permissions in Databricks workspaces. Reviewing group membership and role assignments helps ensure that users retain only the access required for their current responsibilities.
Impact
Periodic reviews require administrative effort and coordination with workspace owners. Removing or changing assignments without validation may disrupt users, jobs, or integrations that depend on Databricks access.
Audit
From Azure Portal
- Open Azure Databricks.
- Select the Databricks workspace to audit.
- Select Access control (IAM).
- Select Role assignments.
- Review each role assignment and verify that the assigned groups and users are still required.
Default Value
By default, an Azure Databricks workspace has only its owner user and the Owner role assigned.
Remediation
From Azure Portal
- Open Azure Databricks.
- Select the Databricks workspace to remediate.
- Select Access control (IAM).
- Select Role assignments.
- Remove group or user assignments that are no longer required.
- To add an approved assignment, select Add role assignment.
- Select the required role, select the approved group members, and then select Review + assign.
- Repeat the review for each Databricks workspace.
Document the review outcome and repeat the process at the interval defined by the organization's access review policy.
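The audit and remediation steps above can be performed against every workspace at once and the outcome recorded for the review log. The script below is an added example, not part of this policy page or of Cloudaware's tooling; it assumes the Azure CLI is installed and logged in with the `databricks` extension, and the approved-baseline format and the sample assignments are constructed for illustration.

```python
"""Review role assignments on Azure Databricks workspaces against an approved baseline."""
import json
import subprocess


def az(*args):
    """Run an Azure CLI command (assumes `az login` has been done) and parse its JSON output."""
    out = subprocess.run(["az", *args, "-o", "json"], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def list_workspace_assignments(workspace_id):
    """Role assignments visible at one Databricks workspace scope, inherited ones included."""
    return az("role", "assignment", "list", "--scope", workspace_id, "--include-inherited")


def review_assignments(assignments, approved):
    """Compare current assignments with the approved baseline and return a review record.

    assignments: list of dicts shaped like `az role assignment list` output
                 (principalName, principalType, roleDefinitionName are used).
    approved:    set of (principalName, roleDefinitionName) tuples kept by the organization.
    """
    current = {(a["principalName"], a["roleDefinitionName"]) for a in assignments}
    return {
        "remove": sorted(current - approved),      # present but not approved: candidates for removal
        "missing": sorted(approved - current),     # approved but absent: add via "Add role assignment"
        "ok": sorted(current & approved),
        # Direct user assignments bypass group-based review; flagged so they can be moved into groups.
        "direct_users": sorted(a["principalName"] for a in assignments
                               if a["principalType"] == "User"),
    }


# Constructed sample data (not real tenant data) illustrating one workspace review.
SAMPLE_ASSIGNMENTS = [
    {"principalName": "databricks-admins", "principalType": "Group", "roleDefinitionName": "Owner"},
    {"principalName": "data-engineers", "principalType": "Group", "roleDefinitionName": "Contributor"},
    {"principalName": "alice@example.com", "principalType": "User", "roleDefinitionName": "Reader"},
]
APPROVED_BASELINE = {("databricks-admins", "Owner"), ("data-analysts", "Reader")}

if __name__ == "__main__":
    # Walk every Databricks workspace in the subscription and print one review record per workspace.
    for ws in az("databricks", "workspace", "list"):
        report = review_assignments(list_workspace_assignments(ws["id"]), APPROVED_BASELINE)
        print(json.dumps({"workspace": ws["name"], **report}))
```

Run against the constructed sample, `review_assignments(SAMPLE_ASSIGNMENTS, APPROVED_BASELINE)` flags the unapproved `data-engineers` and `alice@example.com` assignments for removal and the missing `data-analysts` Reader assignment for addition.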
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| CIS Azure v6.0.0 → 2.1.12 Ensure Azure Databricks groups are reviewed periodically (Manual) | 1 | no data | | | |
| Cloudaware Framework → Role-Based Access Control (RBAC) Management | 29 | no data | | | |