Control: Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
Configures auditing against a CIS Benchmark item.
Level: 1
Databricks personal access tokens (PATs) provide API-based authentication for users and applications. By default, users can generate API tokens without expiration, leading to potential security risks if tokens are leaked, improperly stored, or not rotated regularly.
To mitigate these risks, administrators should: - Restrict token creation to approved users and service principals. - Enforce expiration policies to prevent long-lived tokens. - Monitor token usage and revoke unused or compromised tokens.
Restricting usage and enforcing expiry for personal access tokens reduces exposure to long-lived tokens, minimizes the risk of API abuse if compromised, and aligns with security best practices through controlled issuance and enforced expiry.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
- Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 03 - Analytics Services
- Azure > CIS v4.0 > 03 - Analytics Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r030106
- tmod:@turbot/cis#/control/categories/v071607
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r030106"
Get Controls