Databricks Permissions MCP Server

A Model Completion Protocol (MCP) server that provides access to Databricks permissions, credentials, and Git credentials via the MCP protocol. This allows LLM-powered tools like Claude to interact with Databricks permissions management systems.

Features

• MCP Protocol Support: Implements the MCP protocol to allow LLMs to manage Databricks permissions

• Databricks API Integration: Provides secure access to Databricks permissions REST APIs

• Permission Management: Comprehensive tools for managing permissions on various Databricks resources

• Git Credentials Management: Tools for creating, listing, updating, and deleting Git credentials

• Async Support: Built with asyncio for efficient operation

Available Tools

The Databricks Permissions MCP Server exposes the following tools:

Permissions Management

• get_permissions: Get permissions for a Databricks object

• set_permissions: Set permissions for a Databricks object

• update_permissions: Update permissions for a Databricks object

• get_permission_levels: Get available permission levels for a Databricks object type

Resource-Specific Permissions

• get_cluster_permissions: Get permissions for a cluster

• set_cluster_permissions: Set permissions for a cluster

• update_cluster_permissions: Update permissions for a cluster

• get_job_permissions: Get permissions for a job

• set_job_permissions: Set permissions for a job

• get_warehouse_permissions: Get permissions for a SQL warehouse

• get_workspace_object_permissions: Get permissions for a workspace object (notebooks, directories)

Service Principals

• list_service_principals: List all service principals in the workspace

• get_service_principal: Get details of a specific service principal

• create_service_principal: Create a new service principal

• update_service_principal: Update an existing service principal

• delete_service_principal: Delete a service principal

Unity Catalog Permissions

• get_catalog_permissions: Get permissions for a Unity Catalog catalog

• get_schema_permissions: Get permissions for a Unity Catalog schema

• get_table_permissions: Get permissions for a Unity Catalog table

Git Credentials Management

• list_git_credentials: List all Git credentials

• create_git_credential: Create a new Git credential

• update_git_credential: Update an existing Git credential

• delete_git_credential: Delete a Git credential

Installation

Prerequisites

• Python 3.10 or higher

• MCP-compatible client (e.g., Claude Desktop)

Setup

1. Clone the repository:

   git clone https://github.com/yourusername/databricks-permissions-mcp-server.git
   cd databricks-permissions-mcp-server

2. Set up the project:

   # Create and activate virtual environment
   python -m venv .venv
   
   # On Windows
   .\.venv\Scripts\activate
   
   # On Linux/Mac
   source .venv/bin/activate
   
   # Install dependencies in development mode
   pip install -e .

3. Set up environment variables:

   # Windows
   set DATABRICKS_HOST=https://your-databricks-instance.azuredatabricks.net
   set DATABRICKS_TOKEN=your-personal-access-token
   
   # Linux/Mac
   export DATABRICKS_HOST=https://your-databricks-instance.azuredatabricks.net
   export DATABRICKS_TOKEN=your-personal-access-token

   You can also create an .env file based on the .env.example template.

Running the MCP Server

To start the MCP server, run:

# Windows
.\start_mcp_server.ps1

# Linux/Mac
./start_mcp_server.sh

Using with Claude Desktop

1. In Claude Desktop, click the "+" button to add a new tool

2. Select "Custom command"

3. Enter a name like "Databricks Permissions"

4. For the command, enter: python -m src.server.databricks_permissions_mcp_server

5. Click "Save"

6. You can now ask Claude to perform tasks like:

   • "List all Git credentials in Databricks"

   • "Show permissions for cluster X"

   • "Update permissions for job Y to give user Z 'CAN_MANAGE' access"

Project Structure

databricks-permissions-mcp-server/
├── src/                             # Source code
│   ├── api/                         # Databricks API clients
│   │   ├── permissions.py           # Permissions API client
│   │   ├── service_principals.py    # Service principals API client
│   │   ├── unity_catalog.py         # Unity Catalog API client
│   │   ├── shares.py                # Delta Sharing API client
│   │   └── git_credentials.py       # Git credentials API client
│   ├── core/                        # Core functionality
│   ├── server/                      # Server implementation
│   │   ├── databricks_permissions_mcp_server.py # Main MCP server
│   │   └── app.py                   # FastAPI app for tests
│   └── cli/                         # Command-line interface
├── tests/                           # Test directory
├── scripts/                         # Helper scripts
└── pyproject.toml                   # Project configuration

Development

Code Standards

• Python code follows PEP 8 style guide with a maximum line length of 100 characters

• All classes, methods, and functions should have Google-style docstrings

• Type hints are required for all code except tests

Testing

The project uses pytest for testing. To run the tests:

# Run all tests
pytest tests/

# Run with coverage report
pytest --cov=src tests/ --cov-report=term-missing

License

This project is licensed under the MIT License - see the LICENSE file for details.