databricks-mcp
This server acts as a Model Context Protocol (MCP) interface for Databricks, allowing LLM agents to manage and query a Databricks workspace through various APIs. Key capabilities include:
Authentication & Utilities
Identify the authenticated principal (
whoami), view server configuration (auth_config)
Workspace Management
List, get, create directories, delete, export, and import notebooks and files; list/read files under
/Workspace/files
Clusters
List, get, create, edit, start, restart, resize, terminate, delete clusters; view cluster events; list node types and Spark versions
Jobs
List, get, create, update, reset, delete jobs; trigger runs, list/get/cancel/repair/export runs; cancel all active runs
SQL Warehouses
List, get, create, edit, start, stop, delete SQL warehouses
SQL Execution & Queries
Execute SQL statements, poll status, fetch results, cancel statements; list/get/create/update/delete saved queries; view query history
Alerts & Dashboards
SQL Alerts: list, get, create, update, delete
Lakeview Dashboards: list, get, create, update, delete, publish, unpublish, restore, purge; manage schedules
Legacy Dashboards: list and get
Unity Catalog
CRUD operations on catalogs, schemas, tables, volumes, and functions
Additional Features
Delta Live Tables: list, get, create, start, stop, delete pipelines; manage pipeline updates
MLflow: manage experiments, runs, registered models, model versions, webhooks
Model Serving: create, list, get, update, delete, query serving endpoints
Vector Search: CRUD on endpoints and indexes; upsert, query, scan
Databricks Apps: list, get, create, update, delete
Repos (Git): list, get, create, update, delete; pull, push, commit
Secrets: manage scopes and secrets (list, put, get, delete)
DBFS: list, get, put, delete files
Tokens: list, create, revoke
Permissions (ACLs): get, set, update, delete on jobs, clusters, pipelines, etc.
Identity/SCIM: list users, groups, service principals
Delta Sharing: manage shares, recipients, providers
Genie (AI/BI): list spaces, ask questions
Account APIs: manage workspaces, metastores, storage, credentials, users, groups, service principals
Provides tools to manage and query Databricks workspaces, including clusters, jobs, SQL warehouses, notebooks, MLflow, Unity Catalog, Delta Live Tables, and more.
Supports dbt tasks in job creation and execution.
Enables management of Delta Live Tables (pipelines) and Delta Sharing shares, recipients, and providers.
Supports git-based repositories (Repos) with operations to list, get, create, update, delete, pull, push, and commit.
Provides tools for managing MLflow experiments, runs, models, registered models, model versions, and webhooks.
Allows management of Unity Catalog resources including catalogs, schemas, tables, columns, volumes, functions, and grants.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@databricks-mcplist my active clusters"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
databricks-mcp
A Model Context Protocol (MCP) server that exposes the Databricks REST APIs as MCP tools so an LLM agent can manage and query a Databricks workspace.
The server speaks MCP over stdio (for Claude Desktop / Claude Code /
Cursor / IDE hosts) and supports a single --transport streamable-http mode
for remote deployments (Databricks Apps, container, etc.).
Safe by default. Out of the box only list and create tools are
exposed — roughly 110 of the 303 available. Mutating, destructive, and
single-record-read tools are hidden until you opt in via env vars or CLI
flags. See Permissions below.
Features
303 tools across these Databricks domains. Default visibility indicates whether the tools are exposed in safe-by-default mode; everything else is opt-in.
Domain | Tools | Default |
Workspace | list / get / create / delete / export / import notebooks; list / get / mkdir / delete workspace files and dirs | list, create only |
Clusters | list, get, create, start, terminate, restart, resize, edit, delete; cluster events; cluster policies; instance pools; node types; spark versions | list, create only |
Jobs | list, get, create, run-now, list-runs, get-run, cancel-run, delete; full task types (notebook, spark_jar, python_wheel, dbt, sql, pipeline, run_job, condition, for_each) | list, create only |
SQL Warehouses | list, get, create, start, stop, edit, delete | list, create only |
SQL Queries / Dashboards / Alerts / Data | list / get / run SQL statements, dashboards (legacy + Lakeview), alerts | list, create only |
Unity Catalog | catalogs, schemas, tables, columns, volumes, functions, grants, model versions | list, create only |
Delta Live Tables (Pipelines) | list, get, create, start, stop, delete; pipeline updates | list, create only |
MLflow | experiments, runs, models, registered models, model versions, webhooks | list, create only |
Model Serving | serving endpoints (create, list, get, update, delete, query) | list, create only |
Vector Search | endpoints (create, list, get, delete), indexes (create, list, get, delete, upsert, query, scan) | list, create only |
Databricks Apps | list, get, create, update, delete | list, create only |
Repos (Git) | list, get, create, update, delete; pull, push, commit | list, create only |
Secrets | list, put, get, delete scopes and secrets | list, create only |
DBFS | list, get, put, delete files | list, create only |
Tokens | list, create, revoke | list, create only |
Permissions | get / set / update / delete ACLs on jobs, clusters, pipelines, etc. | list, create only |
Identity / SCIM | list users, groups, service principals | list, create only |
Delta Sharing | list / create / update / delete shares, recipients, providers | list, create only |
Genie (AI/BI) | list spaces, ask-question | list, create only |
Account APIs | workspaces, metastores, storage, credentials, users, groups, service principals | list, create only |
Utilities | workspace status, current user, whoami, auth_config | always exposed |
To expose everything (legacy behaviour), set
DATABRICKS_MCP_ENABLE_VERBS=list,get,create,update,delete.
Related MCP server: Databricks MCP Server
Install
# From source (this repo)
uv tool install .
# Or pipx / pip
pipx install .
# or
pip install .
# Or run directly with uvx
uvx --from . databricks-mcpConfigure
The server needs three environment variables (or CLI flags):
Variable | Required | Example |
| yes |
|
| one of PAT or OAuth must be set |
|
| OAuth M2M alternative to PAT | — |
| only for account-level APIs |
|
You can also pass them as CLI flags: --host, --token.
Permissions (safe by default)
Each tool is classified into one of five verb categories. The default
policy exposes only list and create; the rest are hidden.
Category | Default | Approx. tools | Examples |
| ON | ~50 |
|
| ON | ~30 |
|
| OFF | ~60 |
|
| OFF | ~100 |
|
| OFF | ~60 |
|
Three knobs
In increasing precedence:
Knob | Env var | CLI flag |
Verb categories ON by default |
|
|
Per-tool allow (always shown) |
|
|
Per-tool deny (always hidden) |
|
|
Resolution per tool: deny wins over allow wins over verb category.
Examples
# Legacy behaviour — full surface exposed
DATABRICKS_MCP_ENABLE_VERBS=list,get,create,update,delete databricks-mcp
# Default + opt in to running jobs and editing clusters
DATABRICKS_MCP_ENABLE_TOOLS=jobs_run_now,clusters_edit databricks-mcp
# Default + hide notebook delete even though delete is OFF anyway
DATABRICKS_MCP_DISABLE_TOOLS=workspace_delete databricks-mcp
# Read-only audit agent
DATABRICKS_MCP_ENABLE_VERBS=list,get databricks-mcp
# CLI flag form (same as the first env-var example)
databricks-mcp --enable-verbs list,get,create,update,deleteVerify the active policy at runtime via the auth_config tool — it
returns a policy block with enabled_verbs, allowed_tools,
denied_tools, and registered_tool_count. Full reference:
docs/PERMISSIONS.md.
Use with Claude Desktop
Three ready-made profiles are in
examples/claude_desktop_config.json:
databricks— full surface (every verb enabled).databricks-restricted— default list+create plus destructive-tool denylist.databricks-readonly— list and get only.
Add the one you want to
~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"databricks": {
"command": "databricks-mcp",
"env": {
"DATABRICKS_HOST": "https://dbc-1234567890.cloud.databricks.com",
"DATABRICKS_TOKEN": "dapi..."
}
}
}
}Use with Claude Code
claude mcp add databricks \
--transport stdio \
--env DATABRICKS_HOST=https://dbc-1234567890.cloud.databricks.com \
--env DATABRICKS_TOKEN=dapi... \
-- databricks-mcpTo opt back into the full surface:
claude mcp add databricks \
--transport stdio \
--env DATABRICKS_HOST=https://dbc-1234567890.cloud.databricks.com \
--env DATABRICKS_TOKEN=dapi... \
--env DATABRICKS_MCP_ENABLE_VERBS=list,get,create,update,delete \
-- databricks-mcpRun from source
# stdio (default)
uv run databricks-mcp
# streamable HTTP (for remote deployment / Databricks Apps)
uv run databricks-mcp --transport streamable-http --host 0.0.0.0 --port 8000Test with MCP Inspector
npx -y @modelcontextprotocol/inspector databricks-mcpSet DATABRICKS_HOST and DATABRICKS_TOKEN in the Inspector's env form
and click Connect. Browse the tool list — by default you'll see only
list/create tools. To see everything, add
DATABRICKS_MCP_ENABLE_VERBS=list,get,create,update,delete to the env.
Try the auth_config tool first to verify your setup; it reports the
active policy as JSON.
Documentation
docs/PERMISSIONS.md— full permission reference, verb classification, common configurations.docs/AUTH.md— PAT vs OAuth M2M, on-behalf-of flow.docs/TOOLS.md— every tool grouped by domain.docs/EXAMPLES.md— sample invocations.docs/DEVELOPING.md— how to add new tools.
License
MIT.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/inav/databricks-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server