Note: This is a fictionalized account. If it sounds exactly like your company, that’s just because dysfunction has a standard operating procedure.
Once a month, the permissions in Databricks vanish. Not all of them, just enough to ruin your morning and make everyone wonder who angered the SCIM gods this time.
The parent company’s fix?
Put multiple sub-companies on the same tenant and let “random competent-looking people” inherit admin rights. Not the actual admins. Not cloud architects (we don’t have one). Just whoever looks like they’ve touched a database before.
The Lottery of Authority
That’s how I ended up as a Metastore Admin in Databricks.
Not because I asked. Not because I trained for it.
Because nobody knew how to set up Unity Catalog and I needed one.
So I was told:
“We trust you”
Three teams messages later, I was a Metastore Admin.
I build pipelines. I fix SQL Servers. I duct-tape orchestration jobs until they stop screaming. I am not a “permissions guru.” But congratulations to me, I now hold the keys to a catalog that controls governance across multiple companies. Totally fine. Nothing risky about that.
The Monthly Disappearing Act
When the sync runs (across orgs jammed onto one tenant), roles just… evaporate:
- Analysts lose read access.
- Engineers lose write rights.
- Some poor soul gets promoted to “admin” by accident.
Official explanation in parent-org minutes:
“There was a sync issue at another sub-company.”
Translation: we have no idea what happened, and we’re praying the next cycle doesn’t eat our jobs.
Business as Normal
Here, chaos is business as normal:
- Permissions vanish? Normal.
- Permissions reappear randomly? Normal.
- Meetings conclude with “hopefully this won’t happen again”? Normal.
Nobody admits that permissions aren’t supposed to behave like lunar phases. We’ve normalized failure so thoroughly the absurd is now baseline.
Lessons (Ignored)
- Shared tenants across companies = governance by roulette.
- If your admin pool is chosen by “looks competent,” enjoy the surprise promotions.
- Hope isn’t a strategy, but apparently it’s our permissions model.
Epilogue
Next time my Metastore Admin badge reappears, I won’t celebrate.
I’ll just pour coffee, update my résumé, and wait for Episode 2.
Disclaimer: Any resemblance to actual companies is purely coincidental. Because, surely, no real organization would run all sub-companies on the same tenant and hand out admin rights like candy.
Fake Sponsor Break
This episode of The Monthly Vanishing Act is not sponsored by NordVPN. I am an affiliate, so links may pay me at no extra cost to you.
When your Databricks permissions vanish monthly, your packets do not have to. Put your traffic in a tunnel. SCIM cannot revoke your VPN.
Affiliate disclosure: commissions may be earned. Sarcasm is entirely mine.