Skip to main content
Connect your Databricks SQL warehouse to Draftt to govern the assets you track there. Draftt reads the inventory tables you select with read-only access.
Draftt’s access is read-only. The connector only ever receives USE CATALOG, USE SCHEMA, and SELECT — it can never write, modify, or delete data. You choose exactly which tables Draftt syncs, and your OAuth secret is encrypted at rest and never shown again after you save.

What you’ll need

  • Account or workspace admin — to create the service principal Draftt authenticates as.
  • Metastore admin, or the owner of the target schema and tables — to grant the service principal read access to your data.
  • A running SQL warehouse (serverless or pro).
  • Access to the Draftt dashboard (Integrations > Azure Databricks).
During setup you’ll provide Draftt with your workspace host, client ID, and OAuth secret, and choose the catalog, schema, and table that hold your inventory.

Setup

1

Connect to your workspace

In Databricks:
  1. Create a Databricks-managed service principal under Settings > Identity and access > Service principals > Manage > Add service principal. See Microsoft’s guide, Add service principals to your account.
  2. Give it the Databricks SQL access entitlement.
  3. Generate an OAuth secret under Service principals > Manage > (your principal) > Secrets > Generate secret. Copy the Secret and Client ID now — the secret is shown only once.
  4. Grant the principal CAN_USE on your warehouse under SQL Warehouses > (your warehouse) > Permissions.
In Draftt (Integrations > Azure Databricks > Connect):
  1. Enter the Workspace host (host only, no https://, e.g. adb-1234567890.azuredatabricks.net), the Client ID, and the OAuth secret.
  2. Click Test connection.
A personal access token (PAT) is supported as a legacy alternative, but OAuth M2M is recommended for production because it isn’t tied to an individual user’s token lifetime.
2

Select your SQL warehouse

Select the SQL warehouse Draftt should query.
3

Enter the catalog and schema

Enter the catalog and schema that hold your inventory (for example inventory and assets), then run these grants in a Databricks SQL editor so Draftt can reach them:
GRANT USE CATALOG ON CATALOG inventory TO `draftt-connector`;
GRANT USE SCHEMA ON SCHEMA inventory.assets TO `draftt-connector`;
4

Grant read access

Grant Draftt read access to the schema, then select the table that holds your components, devices, or servers (for example components) and validate that Draftt can read it:
GRANT SELECT ON SCHEMA inventory.assets TO `draftt-connector`;
To limit access to a single table, grant SELECT ON TABLE instead of ON SCHEMA.
5

Review and save

Give the connection a name (for example Asset inventory -- prod) and click Save connection.

What Draftt reads

Draftt’s access is read-only (SELECT-only). It reads the table and column metadata and the rows of the inventory tables you select, and nothing outside the granted schema or tables. It cannot create, modify, or delete anything.

Troubleshooting

Authentication failed: Check the client ID and OAuth secret (or PAT) and confirm the secret hasn’t expired. Cannot access the SQL warehouse: Verify the warehouse exists and the service principal has CAN_USE on it. Missing Unity Catalog permissions: Grant USE CATALOG, USE SCHEMA, and SELECT on the target catalog, schema, and table. Warehouse is stopped or starting: Wait for it to start (serverless warehouses start on demand) and retry. Could not reach the workspace: Check the workspace host value and your network connection.