Policy: Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
Configures auditing against a CIS Benchmark item.
Level: 1
Personal Access Tokens (PATs) are used for authentication when accessing Databricks REST APIs and can be used to access sensitive data. It's important to restrict PAT creation and ensure all PATs have defined expiry dates.
Restricting PAT usage and enforcing expiry dates provides: - Reduced risk of credential compromise - Better control over API access - Compliance with security best practices for credential management - Regular rotation of authentication credentials
This control requires manual verification to confirm that PAT restrictions and expiry policies are configured in the Databricks workspace.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/azure-cisv5-0#/policy/types/r020106
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/r020106"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/r020106"
Get Policy TypeGet Policy Settings