// SCAN REPORT

Databricks MCP Server

86 tools. 29 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated: 11 Jun 2026

29 can modify or destroy data

57 read-only

86 tools total

Community server · catalogue entry verified 11/06/2026

How to control Databricks MCP Server ↓

TOOL MAP

What Databricks MCP Server exposes to your agents

Read (57) Write / Execute (24) Destructive / Financial (5)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Databricks MCP Server tools

Destructive · High delete_dbfs_path This tool performs an irreversible operation that cannot be undone—deleting files or directories from DBFS. Destructive · High delete_governance_rule This tool permanently removes a governance rule from the Databricks workspace. Destructive · High delete_job The tool performs a delete operation that cannot be undone, removing a job and any associated metadata/configuration from the Databricks workspace. Destructive · High delete_pipeline Deleting a DLT (Delta Live Tables) pipeline removes infrastructure and potentially associated data transformations that cannot be easily recovered.

29 of Databricks MCP Server's 86 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Databricks MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Databricks MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "delete_dbfs_path": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "apply_uc_tags": {
    "limits": [
      {
        "counter": "apply_uc_tags_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "describe_external_location": {
    "limits": [
      {
        "counter": "describe_external_location_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Databricks MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON DATABRICKS →

Free to start. No card required.

FULL CATALOGUE

All 86 Databricks MCP Server tools

DESTRUCTIVE 5 tools

Destructive delete_dbfs_path Delete a file or directory from DBFS. Destructive delete_governance_rule Delete a governance rule. Destructive delete_job Delete a job from the Databricks workspace. Destructive delete_pipeline Delete a DLT pipeline. Destructive delete_sql_warehouse Delete a SQL warehouse.

EXECUTE 9 tools

Execute cancel_job_run Cancel a running job run. Execute cancel_query Cancel a running query. Execute cancel_statement Cancel statement execution. Execute execute_dbsql execute_dbsql Execute start_pipeline_update Start a DLT pipeline update. Execute start_sql_warehouse Start a SQL warehouse. Execute stop_pipeline_update Stop a running DLT pipeline update. Execute stop_sql_warehouse Stop a SQL warehouse. Execute submit_job_run Submit a new job run.

WRITE 15 tools

Write apply_uc_tags Apply tags to Unity Catalog objects. Write copy_dbfs_file Copy a file in DBFS from source to destination. Write create_dashboard_file create_dashboard_file Write create_data_quality_monitor Create a new data quality monitor for a table. Write create_dbfs_directory Create a directory in DBFS. Write create_governance_rule Create a new governance rule. Write create_job Create a new job in the Databricks workspace. Write create_pipeline Create a new DLT pipeline. Write create_sql_warehouse Create a new SQL warehouse. Write create_volume create_volume Write move_dbfs_path Move/rename a file or directory in DBFS. Write update_governance_rule Update an existing governance rule. Write update_job Update an existing job in the Databricks workspace. Write update_pipeline Update an existing DLT pipeline. Write write_dbfs_file Write content to a file in DBFS.

READ 57 tools

Read describe_external_location Get detailed external location information. Read describe_metastore Get detailed metastore information. Read describe_storage_credential Get detailed storage credential information. Read describe_uc_catalog Provide detailed information about a specific catalog. Read describe_uc_function Get detailed function information including parameters and return type. Read describe_uc_model Get detailed model information including version history and lineage. Read describe_uc_schema describe_uc_schema Read describe_uc_table describe_uc_table Read describe_uc_volume Get detailed volume information including storage location and permissions. Read get_audit_log Get details of a specific audit log event. Read get_column_lineage Get column-level lineage information. Read get_data_quality_results Get data quality monitoring results. Read get_dbfs_file_info Get file/directory information from DBFS. Read get_governance_rule Get details of a specific governance rule. Read get_job Get detailed information about a specific job. Read get_job_run Get detailed information about a specific job run. Read get_job_run_logs Get logs from a job run. Read get_object_usage_stats Get usage statistics. Read get_pipeline Get details of a specific DLT pipeline. Read get_pipeline_run Get details of a specific DLT pipeline run. Read get_query Get details of a specific query. Read get_query_results Get results of a completed query. Read get_sql_warehouse Get details of a specific SQL warehouse. Read get_statement_results Get statement results. Read get_statement_status Get statement execution status. Read get_table_lineage Get data lineage information for a table. Read get_table_statistics Get table statistics including row count, size, and column statistics. Read get_widget_configuration_guide get_widget_configuration_guide Read health Check the health of the MCP server and Databricks connection. Read list_audit_logs List audit logs for the workspace. Read list_data_quality_monitors List data quality monitors configured in Unity Catalog. Read list_dbfs_files List files and directories in DBFS (Databricks File System). Read list_external_locations List all external locations configured in the workspace. Read list_governance_rules List governance rules configured in the workspace. Read list_job_runs List job runs, either all runs or runs for a specific job. Read list_jobs List all jobs in the Databricks workspace. Read list_metastores List all metastores in the workspace. Read list_pipeline_runs List DLT pipeline runs. Read list_pipelines List all DLT pipelines in the workspace. Read list_queries List queries (all or for specific warehouse). Read list_recent_queries List recent queries. Read list_storage_credentials List all storage credentials configured in the workspace. Read list_uc_functions List all functions in a Unity Catalog schema. Read list_uc_models List all models in a Unity Catalog schema. Read list_uc_permissions List permissions for Unity Catalog objects. Read list_uc_schemas List all schemas within a specific catalog. Read list_uc_tables List all tables within a specific schema. Read list_uc_tags List available tags in Unity Catalog. Read list_uc_volumes List all volumes in a Unity Catalog schema. Read list_volumes List all volumes within a specific schema. Read list_warehouses List all SQL warehouses in the Databricks workspace. Read read_dbfs_file Read file content from DBFS. Read search_catalog Search for catalog objects. Read search_lineage Search for lineage information. Read search_uc_objects Search for Unity Catalog objects by name, description, or tags. Read validate_dashboard_sql validate_dashboard_sql Read export_audit_logs Export audit logs for a specific time range.

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Databricks MCP Server

Can an AI agent delete data through the Databricks MCP Server MCP server? +

Yes. The Databricks MCP Server server exposes 5 destructive tools including delete_dbfs_path, delete_governance_rule, delete_job. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Databricks MCP Server? +

The Databricks MCP Server server has 15 write tools including apply_uc_tags, copy_dbfs_file, create_dashboard_file. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Databricks MCP Server.

How many tools does the Databricks MCP Server MCP server expose? +

86 tools across 4 categories: Destructive, Execute, Read, Write. 57 are read-only. 29 can modify, create, or delete data.

How do I enforce a policy on Databricks MCP Server? +

Register the Databricks MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Databricks MCP Server tool call.

Deterministic rules across all 86 Databricks MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON DATABRICKS →

Free to start. No card required.

86 Databricks MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.