ceven

Databricks

Automates the deployment of data apps, manages Unity Catalog permissions, and orchestrates job runs across your lakehouse environment.

Try Databricks in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Databricks integration

    • Describe the outcome and Ceven picks the right Databricks calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Databricks data, across all 409 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Databricks access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Databricks, when, and on whose behalf.
    • The agent pauses and asks when Databricks is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Databricks.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Databricks action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Databricks, and when to use it.

Create Databricks App
Use this when you need to deploy a new secure data or AI application on the Databricks serverless platform.
Deploy Databricks App
Push source code from a workspace path to create a live deployment for a Databricks app.
Stop Databricks App
Transition a running app to a stopped state to save on compute resources.
Start Databricks App
Resume the last active deployment of a stopped Databricks app.
Update App Permissions
Modify specific user or group permissions for a Databricks app without replacing the full set.
Cancel Job Run
Terminate a running Databricks job run asynchronously to stop resource consumption.
Create Catalog
Establish a new top level container for data within the Unity Catalog metastore.
Update Catalog Grants
Add or remove privileges for principals on catalogs, schemas, or tables in Unity Catalog.
Create External Location
Link a cloud storage path with a storage credential to create a Unity Catalog external location.
Validate Catalog Credential
Verify that a cloud storage or service credential can successfully perform its intended operations.
Add Member to Group
Grant a user or group membership to a Databricks security group for access control.
Get App Details
Pull comprehensive information about an app including deployment status and compute resources.
Add Member to Security Group
Tool to add a user or group as a member to a Databricks security group. Use when you need to grant group membership for access control.
Delete Custom LLM Agent
Tool to delete a Custom LLM agent created through Agent Bricks. Use when you need to remove a custom LLM and all associated data. This operation is irreversible and deletes all data including temporary transformations, model checkpoints, an
Delete Databricks App
Tool to delete a Databricks app from the workspace. Use when you need to remove an app and its associated service principal. When an app is deleted, Databricks automatically deletes the provisioned service principal.
Get Databricks App Details
Tool to retrieve details about a specific Databricks app by name. Use when you need to get comprehensive information about an app including configuration, deployment status, compute resources, and metadata.
Get Databricks App Permission Levels
Tool to retrieve available permission levels for a Databricks app. Use when you need to understand what permission levels can be assigned to users or groups for a specific app. Returns permission levels like CAN_USE and CAN_MANAGE with thei
Get Databricks App Permissions
Tool to retrieve permissions for a Databricks app. Use when you need to check who has access to an app and their permission levels. Returns the access control list including inherited permissions from parent or root objects.
Get App Deployment Update
Tool to retrieve information about a specific app deployment update. Use when you need to track the status and details of app deployment updates, including whether the update succeeded, failed, is in progress, or was not updated.
Set Databricks App Permissions
Tool to set permissions for a Databricks app, replacing all existing permissions. Use when you need to configure access control for an app. This operation replaces ALL existing permissions; for incremental updates, use the update permission
Update Databricks App
Tool to update an existing Databricks app configuration. Use when you need to modify app settings such as description, resources, compute size, budget policy, or API scopes. This is a partial update operation - only fields provided in the r
Update Databricks App Permissions
Tool to incrementally update permissions for a Databricks app. Use when you need to modify specific permissions without replacing the entire permission set. This PATCH operation updates only the specified permissions, preserving existing pe
Cancel Databricks Job Run
Tool to cancel a Databricks job run asynchronously. Use when you need to terminate a running job. The run will be terminated shortly after the request completes. If the run is already in a terminal state (TERMINATED, SKIPPED, or INTERNAL_ER
Get Catalog Artifact Allowlist
Tool to retrieve artifact allowlist configuration for a specified artifact type in Unity Catalog. Use when you need to check which artifacts are permitted for use in your Databricks environment. Requires metastore admin privileges or MANAGE
Delete Catalog
Tool to delete a catalog from Unity Catalog metastore. Use when you need to permanently remove a catalog and optionally its contents. By default, the catalog must be empty (except for information_schema). Use force=true to delete non empty
Get Catalog Details
Tool to retrieve details of a specific catalog in Unity Catalog. Use when you need to get information about a catalog including its metadata, owner, properties, and configuration. Requires metastore admin privileges, catalog ownership, or U
Create Catalog Connection
Tool to create a new Unity Catalog connection to external data sources. Use when you need to establish connections to databases and services such as MySQL, PostgreSQL, Snowflake, etc. Requires metastore admin privileges or CREATE CONNECTION
Delete Catalog Connection
Tool to delete a Unity Catalog connection to external data sources. Use when you need to remove connections to databases and services. Deleting a connection removes the abstraction used to connect from Databricks Compute to external data so
Get Catalog Connection
Tool to retrieve detailed information about a specific Unity Catalog connection. Use when you need to get connection metadata, configuration, and properties for external data source connections.
Update Catalog Connection
Tool to update an existing Unity Catalog connection configuration. Use when you need to modify connection properties, credentials, ownership, or metadata for external data sources.

30 actions · scroll to see them all

Frequently asked questions

Ceven interacts directly with the Unity Catalog API to manage grants and privileges. Instead of you manually clicking through the data explorer, the agent can execute bulk updates to permissions across catalogs, schemas, and tables. It can pull the current effective permissions to identify gaps and then apply the necessary grants to align with your security policy. This ensures that your data governance is versioned and repeatable. The agent uses a service principal with the required metastore admin privileges to perform these actions, ensuring that every change is logged in the Databricks audit logs for compliance and security tracking.
Yes. Ceven can create the initial app configuration, handle the deployment of source code from your workspace, and manage the running state of the application. You can set up workflows that automatically stop apps during off hours to reduce costs or restart them based on external triggers. The agent can also handle the incremental update of permissions, meaning it can add a specific user to an app without wiping out the existing access control list. This makes it possible to treat your data apps as part of a wider CI CD pipeline managed by AI agents.
Ceven can monitor your job runs and take action when a run exceeds a predefined time limit. Using the cancel job run tool, the agent sends an asynchronous request to Databricks to terminate the process. This prevents a single runaway query from consuming your entire DBU budget for the month. You can build a workflow that detects a hanging job, cancels it, and then pings the developer on Slack with the run ID and a link to the logs. This transforms reactive monitoring into an automated remediation loop that keeps your lakehouse performing optimally.
Ceven automates the connection between your cloud storage and the Databricks lakehouse. It can create storage credentials for AWS S3 or Azure Data Lake, validate that those credentials actually work using the validation tool, and then wrap that credential and a path into a formal external location. This removes the manual friction of setting up data ingress. Because the agent can check the validation status first, it prevents the creation of broken external locations that would otherwise cause downstream pipeline failures, ensuring that your data engineers spend less time debugging connection strings.
One critical quirk of the Databricks API is that a catalog must typically be empty before it can be deleted, with the exception of the information schema. If you ask Ceven to delete a catalog that still contains schemas or tables, the API will return an error. To handle this, the agent can be programmed to recursively list and delete all contained objects before attempting to remove the catalog itself. Additionally, certain operations require the caller to be a metastore admin, so you must ensure the service principal used by Ceven has the correct global permissions within your Databricks account.
Ceven streamlines onboarding by automating the assignment of users to the correct security groups. Instead of manually adding every new hire to five different groups, you can trigger a workflow that takes a user email and adds them to the required security groups for their role. This automatically cascades permissions down through Unity Catalog if your grants are set at the group level. The agent can also verify that the user has been correctly provisioned in the workspace before attempting to assign group memberships, reducing the number of failed API calls and cleanup tasks.
Ceven does not just trigger a deployment and hope for the best. It uses the get app deployment update tool to poll the status of the deployment process. The agent tracks whether the update is in progress, succeeded, or failed. If a deployment fails, the agent can pull the specific error messages from the deployment logs and attempt to notify the owner or even try a rollback to the last known active deployment. This closed loop approach ensures that your production data apps remain available and that failures are caught and reported in real time.
Ceven uses secure authentication patterns to interact with your workspace. We recommend using service principal tokens or OAuth flows rather than personal access tokens. These credentials are encrypted at rest and are only injected into the execution context at the moment the agent makes an API call to Databricks. We do not log the tokens themselves in any plain text files or prompt histories. You can rotate your tokens or revoke the service principal access at any time from the Databricks admin console, which immediately kills the agents ability to interact with your workspace.

Alternatives to Databricks

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Snowflake logoSnowflakeGoogle BigQuery logoGoogle BigQueryAmazon Redshift logoAmazon Redshift

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Databricks and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free