Merge pull request #6342 from segmentio/databticksSourceM2Mdocs

update databricks source setup page

Author: forstisabella

src/connections/reverse-etl/reverse-etl-source-setup-guides/databricks-setup.md

@@ -4,29 +4,33 @@ title: Databricks Reverse ETL Setup
 
 Set up Databricks as your Reverse ETL source. 
 
-At a high level, when you set up Databricks for Reverse ETL, the configured user needs read permissions for any resources (databases, schemas, tables) the query needs to access. Segment keeps track of changes to your query results with a managed schema (`__SEGMENT_REVERSE_ETL`), which requires the configured user to allow write permissions for that schema.
+At a high level, when you set up Databricks for Reverse ETL, the configured service-principal needs read permissions for any resources (databases, schemas, tables) the query needs to access. Segment keeps track of changes to your query results with a managed schema (`__SEGMENT_REVERSE_ETL`), which requires the configured service-principal to allow write permissions for that schema.
+
+> info ""
+> Segment supports only OAuth (M2M) authentication. To generate a client ID and Secret, follow the steps listed in Databricks' [OAuth machine-to-machine (M2M) authentication](https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html){:target="_blank"} documentation.
+
 
 ## Required permissions
-* Make sure the user or the service principal you use to connect to Segment has permissions to use that warehouse. In the Databricks console go to **SQL warehouses** and select the warehouse you're using. Navigate to **Overview > Permissions** and make sure the user or the service principal you use to connect to Segment has *can use* permissions.
+* Make sure the service principal you use to connect to Segment has permissions to use that warehouse. In the Databricks console go to **SQL warehouses** and select the warehouse you're using. Navigate to **Overview > Permissions** and make sure the service principal you use to connect to Segment has *can use* permissions.
 
 * To grant access to read data from the tables used in the model query, run: 
 
     ```
-    GRANT USAGE ON SCHEMA <schema_name> TO `<user or service principal you are using to connect to Segment>`; 
-    GRANT SELECT, READ_METADATA ON SCHEMA <schema_name> TO `<user or service principal you are using to connect to Segment>`; 
+    GRANT USAGE ON SCHEMA <schema_name> TO `<service principal you are using to connect to Segment>`; 
+    GRANT SELECT, READ_METADATA ON SCHEMA <schema_name> TO `<service principal you are using to connect to Segment>`; 
     ```
 
 * To grant Segment access to create a schema to keep track of the running syncs, run: 
 
     ```
-    GRANT CREATE on catalog <name of the catalog, usually hive_metastore or main if using unity-catalog> TO `<user or service principal you are using to connect to Segment>`;
+    GRANT CREATE on catalog <name of the catalog, usually hive_metastore or main if using unity-catalog> TO `<service principal you are using to connect to Segment>`;
     ```
 
 * If you want to create the schema yourself instead and then give Segment access to it, run:
 
     ```
     CREATE SCHEMA IF NOT EXISTS __segment_reverse_etl; 
-    GRANT ALL PRIVILEGES ON SCHEMA __segment_reverse_etl TO `<user or service principal you are using to connect to Segment>`;
+    GRANT ALL PRIVILEGES ON SCHEMA __segment_reverse_etl TO `<service principal you are using to connect to Segment>`;
     ```
 
 ## Set up guide
@@ -46,12 +50,14 @@ To set up Databricks as your Reverse ETL source:
     * Hostname: `adb-xxxxxxx.azuredatabricks.net`
     * Http Path: `/sql/1.0/warehouses/xxxxxxxxx`
     * Port: `443` (default)
-    * Token: `<your-token>`
-    * Catalog [optional]: `hive_metastore` (default)
+    * Service principal client ID: `<your client ID>`
+    * OAuth secret: `<OAuth secret used during connection>`
+    * Catalog [optional]: If not specified, Segment will use the default catalog
 11. Click **Test Connection** to see if the connection works. If the connection fails, make sure you have the right permissions and credentials, then try again.
 12. Click **Add source** if the test connection is successful. 
 
-> info ""
-> To generate a token, follow the steps listed in the [Databricks docs](https://docs.databricks.com/dev-tools/auth.html#pat){:target="_blank"}. Segment recommends you create a token with no expiration date by leaving the lifetime field empty when creating it. If you already have a token with an expiration date, be sure to keep track of the date and renew it on time.   
+> warning ""
+> Segment previously supported token-based authentication, but now uses OAuth (M2M) authentication at the recommendation of Databricks.
+> If you previously set up your source using token-based authentication, Segment will continue to support it. If you want to create a new source or update the connection settings of an existing source, Segment only supports [OAuth machine-to-machine (M2M) authentication](https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html){:target="_blank"}.
 
 Once you've succesfully added your Databricks source, [add a model](/docs/connections/reverse-etl/#step-2-add-a-model) and follow the rest of the steps in the Reverse ETL setup guide.