Answer-first summary for fast verification
Answer: User A's identity will be associated with the job creation events, while User B's identity will be associated with the job execution events.
Databricks audit logs capture the identity of the specific principal (user or service principal) whose credentials were used to authenticate a REST API request. * **User A**: When User A calls `jobs/create`, the audit log entry for the event will list User A as the actor. * **User B**: When User B invokes `jobs/run-now` (or similar run APIs), the audit log entry for the execution event will list User B as the actor. Audit logs do not automatically attribute actions to the resource owner; they record the actual principal performing the operation. You can verify this behavior by querying the `system.access.audit` table, which includes `userId` and `userName` columns for every API event.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A data engineer (User A) creates several Databricks jobs using the REST API and their personal access token. Later, a DevOps engineer (User B) configures an external orchestration tool to trigger these jobs via the REST API using their own personal access token.
How will these distinct actions be represented in the Databricks workspace audit logs?
A
User A's identity will be associated with the job creation events, while User B's identity will be associated with the job execution events.
B
Since User A is the owner/creator of the jobs, their identity will be logged for both the creation and all subsequent executions of those jobs.
C
Because the REST API was utilized, the system will automatically attribute all events to a default Service Principal identity.
D
To maintain security, user-specific identities are excluded from audit logs when using REST API tokens; only the action type is recorded.
No comments yet.