
Databricks Delta Sharing Recipient Without IP ACLs

Panther Rules

Summary
Detects creation of Databricks Delta Sharing recipients without IP-based access restrictions. The rule analyzes Databricks Audit logs for recipient creation events (createRecipient) over the past 30 days and flags instances where ipAccessList is missing, an empty string, or an empty list, indicating potential unrestricted data access from any IP. It can optionally verify if the recipient accessed shared data within 24 hours of creation to gauge risk and assist in posture assessment. This detection supports remediation by identifying recipients lacking IP ACLs and aligns with Defense Evasion (MITRE ATT&CK TA0005, T1562).
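The check described in the summary, sketched in Python as an added example (not the rule's own source). The event layout, the `name` and `recipient_name` parameters, the `deltaSharingQueryTable` access action and the ISO timestamps are assumptions made for illustration; only `createRecipient` and `ipAccessList` come from the summary above.

```python
import json
from datetime import datetime, timedelta

ACCESS_ACTIONS = {"deltaSharingQueryTable"}  # assumed name of a data-access event

def has_ip_acl(value):
    """True only when ipAccessList holds at least one entry."""
    if isinstance(value, str):
        if not value.strip():
            return False
        try:
            value = json.loads(value)  # audit params may arrive JSON-encoded
        except ValueError:
            return True  # non-empty plain string, e.g. a single CIDR
    if isinstance(value, dict):
        return any(has_ip_acl(v) for v in value.values())
    if isinstance(value, list):
        return any(has_ip_acl(v) for v in value)
    return bool(value)  # None (field missing) -> False

def recipients_without_ip_acl(events, window=timedelta(hours=24)):
    findings = []
    for ev in events:
        params = ev.get("requestParams") or {}
        if ev.get("actionName") != "createRecipient" or has_ip_acl(params.get("ipAccessList")):
            continue
        created = datetime.fromisoformat(ev["timestamp"])
        # Optional risk signal: did this recipient read shared data soon after creation?
        used = any(
            e.get("actionName") in ACCESS_ACTIONS
            and (e.get("requestParams") or {}).get("recipient_name") == params.get("name")
            and timedelta(0) <= datetime.fromisoformat(e["timestamp"]) - created <= window
            for e in events
        )
        findings.append({"recipient": params.get("name"), "accessed_within_24h": used})
    return findings

# Constructed sample events (not real audit data); field layout is assumed.
SAMPLE = [
    {"timestamp": "2026-03-10T09:00:00", "actionName": "createRecipient",
     "requestParams": {"name": "rcp-a"}},
    {"timestamp": "2026-03-10T11:00:00", "actionName": "deltaSharingQueryTable",
     "requestParams": {"recipient_name": "rcp-a"}},
    {"timestamp": "2026-03-11T09:00:00", "actionName": "createRecipient",
     "requestParams": {"name": "rcp-b", "ipAccessList": "[]"}},
    {"timestamp": "2026-03-12T15:00:00", "actionName": "deltaSharingQueryTable",
     "requestParams": {"recipient_name": "rcp-b"}},
    {"timestamp": "2026-03-12T09:00:00", "actionName": "createRecipient",
     "requestParams": {"name": "rcp-c", "ipAccessList": "[\"203.0.113.0/24\"]"}},
]
```

Calling `recipients_without_ip_acl(SAMPLE)` flags `rcp-a` (field missing, accessed two hours after creation) and `rcp-b` (empty list, first access outside the 24-hour window), and skips `rcp-c`, which carries an allowed range.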
Categories
  • Cloud
  • Application
Data Sources
  • Application Log
ATT&CK Techniques
  • T1562
Created: 2026-04-01