Databricks Workspace

Live

BEARER TOKEN

ANALYTICS

Analytics

Every notebook, cluster, and SQL job your team runs lives in Databricks. Databricks Workspace MCP gives your agent authenticated access to your data platform scoped to the user who authorized it.

  • Acts as the user: Access and write actions stay tied to the Databricks Workspace account that authorized the agent.
  • Credentials stay vaulted: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: User permissions enforced. 90-day audit trail.
Databricks Workspace
agent · Acme Q3
Run
Which jobs failed in the last 24 hours and what were the error messages?
S
databricks_jobs_list
91ms
Data platform agent
3 failed jobs. etl_daily_pipeline (OOM: 32GB limit exceeded), feature_store_refresh (timeout 3600s), clickstream_agg (syntax error in stage 3).
Sources: 3 failed job runs, last 24 hours
databricksworkspacemcp
3 jobs
18:29
Message Claude...

Tools your data platform agent reaches for on Databricks Workspace, scoped per user.

CALL ANY TOOL
List clusters and jobs, run SQL queries, inspect notebook paths, and monitor run status.
databricksworkspace_cluster_get
Get cluster
Get details of a specific Databricks cluster by cluster ID.
Parameters
Name
Type
Required
Description
cluster_id
string
Required
The unique identifier of the cluster.
databricksworkspace_cluster_start
Start cluster
databricksworkspace_cluster_terminate
Cluster Terminate
databricksworkspace_clusters_list
List clusters
databricksworkspace_information_schema_columns
Information Schema Columns
databricksworkspace_information_schema_schemata
Information Schema Schemata
databricksworkspace_information_schema_table_constraints
Information Schema Table Constraints
databricksworkspace_information_schema_tables
Information Schema Tables
databricksworkspace_job_get
Get job
databricksworkspace_job_run_now
Job Run Now
databricksworkspace_job_runs_list
List job runs
databricksworkspace_jobs_list
List jobs
databricksworkspace_scim_me_get
Get scim me
databricksworkspace_scim_users_list
List scim users
databricksworkspace_secrets_scopes_list
List secrets scopes
databricksworkspace_sql_statement_cancel
Cancel sql statement
databricksworkspace_sql_statement_execute
Execute sql statement
databricksworkspace_sql_statement_get
Get sql statement
databricksworkspace_sql_statement_result_chunk_get
Get sql statement result chunk
databricksworkspace_sql_warehouse_get
Get sql warehouse
databricksworkspace_sql_warehouse_start
Start sql warehouse
databricksworkspace_sql_warehouse_stop
Stop sql warehouse
databricksworkspace_sql_warehouses_list
List sql warehouses
databricksworkspace_unity_catalog_catalogs_list
List unity catalog catalogs
databricksworkspace_unity_catalog_schemas_list
List unity catalog schemas
databricksworkspace_unity_catalog_tables_list
List unity catalog tables
Build your Agent
Drop the toolkit in, point it at the user, and your data platform agent can use Databricks Workspace from the first run.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["databricksworkspace"], toolNames: ["databricks_clusters_list", "databricks_cluster_get", "databricks_jobs_list"] },
pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
name: t.tool.definition.name,
description: t.tool.definition.description,
schema: z.object({}).passthrough(),
func: async (args) => {
const { data } = await sk.tools.executeTool({
toolName: t.tool.definition.name,
identifier: "user_123",
params: args,
});
return JSON.stringify(data);
},
}));

const agent = createReactAgent({ llm, tools: lcTools });
import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["databricksworkspace"], toolNames: ["databricks_clusters_list", "databricks_cluster_get", "databricks_jobs_list"] },
pageSize: 100,
});

const llmTools = tools.map((t) => ({
type: "function",
function: {
name: t.tool.definition.name,
description: t.tool.definition.description,
parameters: t.tool.definition.input_schema,
},
}));

const resp = await openai.responses.create({
model: "gpt-4o", input: prompt, tools: llmTools,
});
import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["databricksworkspace"], toolNames: ["databricks_clusters_list", "databricks_cluster_get", "databricks_jobs_list"] },
pageSize: 100,
});

const llmTools = tools.map((t) => ({
name: t.tool.definition.name,
description: t.tool.definition.description,
input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
model: "claude-sonnet-4-6", max_tokens: 1024,
tools: llmTools,
messages: [{ role: "user", content: prompt }],
});
import { Agent } from "@google/adk/agents";
import {
MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
connectionParams: new StreamableHTTPConnectionParams({
url: "https://mcp.scalekit.com/databricksworkspace",
headers: { Authorization: `Bearer ${userScopedToken}` },
}),
});

const agent = new Agent({
name: "agent", model: "gemini-2.0-flash",
tools: await toolset.getTools(),
});
Try these prompts
Paste any prompt into your agent to start using Databricks Workspace.
Search & schema
Copy the prompt
Copied
List all running clusters.
Copy the prompt
Copied
Show me notebooks in /Shared/pipelines.
Copy the prompt
Copied
Which jobs are scheduled to run tonight?
Copy the prompt
Copied
Get the schema for [table name] in [catalog].
Query & analysis
Copy the prompt
Copied
Run: SELECT date, COUNT(*) FROM events.signups GROUP BY date.
Copy the prompt
Copied
Top 10 tables by row count in [schema].
Copy the prompt
Copied
Daily job run counts for the last 14 days.
Copy the prompt
Copied
Failed job error summary this week.
Monitoring & ops
Copy the prompt
Copied
Which jobs failed in the last 24 hours?
Copy the prompt
Copied
Get error message for run [run_id].
Copy the prompt
Copied
List clusters with more than 10 workers.
Copy the prompt
Copied
Which SQL warehouses are auto-stopped?
SEE HOW AUTH WORKS
Users authorize Databricks Workspace once. Their credentials stay vaulted, every call is checked, and every action is logged.
1
Authorize
Your user connects
Databricks Workspace
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Databricks Workspace
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Databricks Workspace
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Databricks Workspace
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
Same per-user auth pattern across other data platform agents and MCP connectors. Working code, live demos, fork what fits.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
ENGINEERING
Engineering standup agent
Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.
01.
Queries run as the service principal, not the analyst
A shared Databricks PAT looks fine in a demo. In production, every SQL query and job run is attributed to the service account. Unity Catalog row filters break. Scalekit resolves the user's token so queries run as the right identity.
// shared PAT
token = "dapi_databricks_shared_xxx"
audit → svc_account
uc_filter → broken

// scalekit · per-user
token = resolve(user_id)
audit → user_abc
scope → enforced ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Databricks Workspace today. Others tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Databricks Workspace as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the Databricks Workspace bearer token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in Databricks Workspace?
Yes. Pass a tool name filter to listScopedTools so the data platform agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Databricks Workspace.
What happens when a user revokes Databricks Workspace access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Can the agent run SQL queries across all Unity Catalog catalogs?
Only catalogs and schemas the authorizing user's personal access token permits. Unity Catalog permissions, table ACLs, and column-level masking all apply. Queries that exceed the user's grants return an access denied error, not partial data.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""databricksworkspace"": {
""url"": ""https://mcp.scalekit.com/databricksworkspace"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.databricksworkspace]
url = ""https://mcp.scalekit.com/databricksworkspace""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""databricksworkspace"": {
""url"": ""https://mcp.scalekit.com/databricksworkspace"",
""type"": ""http""
}
}
}