Personal Access Token Security Improvements
Most Databricks users end up needing to generate a Personal Access Token - which I am guessing is why Microsoft started to default that setting to ON.
The problem is that, from an access control perspective, these tokens present a massive risk to any organization because there are no administrative controls around them.
A token grants direct API access to everything the user who created it can access, and it bypasses the interactive sign-in flow, so all it takes to cause a major data breach is for one user to accidentally post one of these tokens on a public forum or in a GitHub repository.
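Because the leak scenario above is the one most likely to happen, the practical check to have in place today is a secret scanner that catches Databricks tokens before they reach a public repository or chat. The following is an added example (not part of the original post and not Databricks' own tooling): a small Python scanner run as a pre-commit or CI step. It assumes the commonly documented token format of the literal prefix `dapi` followed by 32 hex characters, optionally with a `-<digit>` suffix on newer tokens; the sample input is constructed here and the tokens in it are fake.

```python
import re
from dataclasses import dataclass

# Assumption (not from the original post): a Databricks personal access token
# is "dapi" + 32 lowercase hex characters, optionally followed by "-<digit>".
# The trailing \b stops a 33-character hex run from being reported as a token.
DATABRICKS_PAT_RE = re.compile(r"\bdapi[0-9a-f]{32}(?:-\d)?\b")


@dataclass(frozen=True)
class Finding:
    line_no: int
    token_prefix: str  # first 8 characters: enough to identify the token without re-leaking it


def find_databricks_tokens(text: str) -> list[Finding]:
    """Return one Finding per token occurrence, with 1-based line numbers."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in DATABRICKS_PAT_RE.finditer(line):
            findings.append(Finding(line_no, match.group(0)[:8]))
    return findings


def redact(text: str) -> str:
    """Replace every token with its 8-character prefix plus a marker."""
    return DATABRICKS_PAT_RE.sub(lambda m: m.group(0)[:8] + "...[REDACTED]", text)


# Constructed sample: a ~/.databrickscfg fragment and a curl command pasted into
# a chat. Both tokens are fake and follow the assumed format.
SAMPLE = """[DEFAULT]
host = https://adb-1234567890123456.7.azuredatabricks.net
token = dapi0123456789abcdef0123456789abcdef
# notebook cell pasted into a chat:
curl -H "Authorization: Bearer dapifedcba9876543210fedcba9876543210-3" https://adb-1234567890123456.7.azuredatabricks.net/api/2.0/clusters/list
api_version = 2.0  # no token here
"""


if __name__ == "__main__":
    for f in find_databricks_tokens(SAMPLE):
        print(f"line {f.line_no}: Databricks PAT starting with {f.token_prefix}")
    print(redact(SAMPLE))
```

Wire `find_databricks_tokens` into a pre-commit hook over the staged diff and fail the commit on any finding; the redacted form is what should go into the alert or log so the scanner itself does not become another place the token is stored.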
Here are a few specific issues:
1. Even though conditional access can be applied to the workspace, a token bypasses this control: API calls authenticated with a personal access token do not go through the interactive sign-in that conditional access evaluates.
2. There is no way to create an enterprise-wide policy that caps how long a token is valid or prevents tokens from being issued with no expiry.
3. There is no way to limit how many tokens a user can create.
4. There is no way to see how many tokens an individual user has, or even how many tokens have been issued in total.
5. There is no easy way for an admin to revoke a specific user's token if it is compromised.
6. There is no way to prevent users from sharing these tokens (for example, by limiting concurrent sessions).
These limitations should be a major concern for anyone who uses Databricks with sensitive data or mission-critical processes.