> ## Documentation Index
> Fetch the complete documentation index at: https://docs.draftt.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Azure Databricks
> Connect a Databricks SQL warehouse so Draftt can read your asset inventory with read-only access.
Connect your Databricks SQL warehouse to Draftt to govern the assets you track there. Draftt reads the inventory tables you select with read-only access.
Draftt's access is **read-only**. The connector only ever receives `USE CATALOG`, `USE SCHEMA`, and `SELECT` -- it can never write, modify, or delete data. You choose exactly which tables Draftt syncs, and your OAuth secret is encrypted at rest and never shown again after you save.
## What you'll need
* **Account or workspace admin** -- to create the service principal Draftt authenticates as.
* **Metastore admin, or the owner of the target schema and tables** -- to grant the service principal read access to your data.
* A running **SQL warehouse** (serverless or pro).
* Access to the Draftt dashboard (**Integrations > Azure Databricks**).
During setup you'll provide Draftt with your **workspace host**, **client ID**, and **OAuth secret**, and choose the **catalog, schema, and table** that hold your inventory.
## Setup
In Databricks:
1. Create a Databricks-managed service principal under **Settings > Identity and access > Service principals > Manage > Add service principal**. See Microsoft's guide, [Add service principals to your account](https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/manage-service-principals#-add-service-principals-to-your-account).
2. Give it the **Databricks SQL access** entitlement.
3. Generate an OAuth secret under **Service principals > Manage > (your principal) > Secrets > Generate secret**. Copy the **Secret** and **Client ID** now -- the secret is shown only once.
4. Grant the principal `CAN_USE` on your warehouse under **SQL Warehouses > (your warehouse) > Permissions**.
In Draftt (**Integrations > Azure Databricks > Connect**):
5. Enter the **Workspace host** (host only, no `https://`, e.g. `adb-1234567890.azuredatabricks.net`), the **Client ID**, and the **OAuth secret**.
6. Click **Test connection**.
A personal access token (PAT) is supported as a legacy alternative, but OAuth M2M is recommended for production because it isn't tied to an individual user's token lifetime.
Select the **SQL warehouse** Draftt should query.
Enter the **catalog** and **schema** that hold your inventory (for example `inventory` and `assets`), then run these grants in a Databricks SQL editor so Draftt can reach them:
```sql theme={null}
GRANT USE CATALOG ON CATALOG inventory TO `draftt-connector`;
GRANT USE SCHEMA ON SCHEMA inventory.assets TO `draftt-connector`;
```
Grant Draftt read access to the schema, then select the table that holds your components, devices, or servers (for example `components`) and validate that Draftt can read it:
```sql theme={null}
GRANT SELECT ON SCHEMA inventory.assets TO `draftt-connector`;
```
To limit access to a single table, grant `SELECT ON TABLE` instead of `ON SCHEMA`.
Give the connection a name (for example `Asset inventory -- prod`) and click **Save connection**.
## What Draftt reads
Draftt's access is **read-only** (SELECT-only). It reads the table and column metadata and the rows of the inventory tables you select, and nothing outside the granted schema or tables. It cannot create, modify, or delete anything.
## Troubleshooting
**Authentication failed:** Check the client ID and OAuth secret (or PAT) and confirm the secret hasn't expired.
**Cannot access the SQL warehouse:** Verify the warehouse exists and the service principal has `CAN_USE` on it.
**Missing Unity Catalog permissions:** Grant `USE CATALOG`, `USE SCHEMA`, and `SELECT` on the target catalog, schema, and table.
**Warehouse is stopped or starting:** Wait for it to start (serverless warehouses start on demand) and retry.
**Could not reach the workspace:** Check the workspace host value and your network connection.