https://community.databricks.com/t5/generative-ai/permission-denied-for-genie-auto-generated-service-principal-on/m-p/120189#M906 <P>Hi community,</P><P><A href="https://docs.databricks.com/aws/en/generative-ai/agent-framework/multi-agent-genie?scid=701Vp000004h4c4IAA&amp;utm_medium=programmatic&amp;utm_source=google&amp;utm_campaign=22507112156&amp;utm_adgroup=&amp;utm_content=summit&amp;utm_offer=dataaisummit&amp;utm_ad=&amp;utm_term=&amp;gad_source=1&amp;gad_campaignid=22507113074&amp;gbraid=0AAAAABYBeAjJBK6Yps_hSSp9sIzsxssUG&amp;gclid=EAIaIQobChMI9-Lhwfi0jQMVXQCtBh3fuDyzEAAYASAAEgLm_PD_BwE" target="_blank">Use Genie in multi-agent systems | Databricks Documentation</A><BR />I’ve developed a <STRONG>multi-agent Genie</STRONG> in Databricks and integrated it with <STRONG>vector indexes</STRONG>. The setup works fine during model logging and prediction. The system successfully registers models to <STRONG>Model Serving</STRONG>.</P><P>However, when I interact with the Genie using the <STRONG>Playground UI</STRONG>, I receive the following error:</P><P><FONT color="#993366"><U>PermissionDenied: 2654507c-3f21-48f6-87f6-2e5ef2ac5c75 is not authorized to use or monitor this SQL Endpoint. Please contact your administrator.</U></FONT><BR /><FONT color="#993366"><U>Config: host=<A href="https://dbc-3a822fc8-adcc.cloud.databricks.com" target="_blank" rel="noopener">https://dbc-3a822fc8-adcc.cloud.databricks.com</A>, auth_type=model-serving</U></FONT><BR /><FONT color="#993366"><U>During task with name 'Genie' and id</U> 'f039979b-69b5-0353-3070-24c8427faeef'<BR /><BR /></FONT></P><H3>What I’ve Observed:</H3><UL><LI>The Genie automatically generates a <STRONG>service principal</STRONG> when integrated with multiple agents.</LI><LI>This principal queries or interacts with a SQL Endpoint to query the tables.</LI><LI>Unfortunately, I cannot <STRONG>manually assign permissions</STRONG> to this service principal.</LI><LI>It does not show up under typical service principal listings or user management.</LI><LI>As a result, <STRONG>any queries from the Playground fail with permission errors</STRONG>.</LI></UL><P>Any help or insight would be appreciated. I'm happy to provide more details if needed!</P><P>Thanks,<BR />Karthik k</P><P>#genie #multiagent #model-serving #sql-endpoint #playground #permissions #service-principal #unity-catalog #databricks&nbsp;</P> Mon, 26 May 2025 08:28:17 GMT Karthik_Karanm 2025-05-26T08:28:17Z https://community.databricks.com/t5/generative-ai/permission-denied-for-genie-auto-generated-service-principal-on/m-p/120189#M906 <P>Hi community,</P><P><A href="https://docs.databricks.com/aws/en/generative-ai/agent-framework/multi-agent-genie?scid=701Vp000004h4c4IAA&amp;utm_medium=programmatic&amp;utm_source=google&amp;utm_campaign=22507112156&amp;utm_adgroup=&amp;utm_content=summit&amp;utm_offer=dataaisummit&amp;utm_ad=&amp;utm_term=&amp;gad_source=1&amp;gad_campaignid=22507113074&amp;gbraid=0AAAAABYBeAjJBK6Yps_hSSp9sIzsxssUG&amp;gclid=EAIaIQobChMI9-Lhwfi0jQMVXQCtBh3fuDyzEAAYASAAEgLm_PD_BwE" target="_blank">Use Genie in multi-agent systems | Databricks Documentation</A><BR />I’ve developed a <STRONG>multi-agent Genie</STRONG> in Databricks and integrated it with <STRONG>vector indexes</STRONG>. The setup works fine during model logging and prediction. The system successfully registers models to <STRONG>Model Serving</STRONG>.</P><P>However, when I interact with the Genie using the <STRONG>Playground UI</STRONG>, I receive the following error:</P><P><FONT color="#993366"><U>PermissionDenied: 2654507c-3f21-48f6-87f6-2e5ef2ac5c75 is not authorized to use or monitor this SQL Endpoint. Please contact your administrator.</U></FONT><BR /><FONT color="#993366"><U>Config: host=<A href="https://dbc-3a822fc8-adcc.cloud.databricks.com" target="_blank" rel="noopener">https://dbc-3a822fc8-adcc.cloud.databricks.com</A>, auth_type=model-serving</U></FONT><BR /><FONT color="#993366"><U>During task with name 'Genie' and id</U> 'f039979b-69b5-0353-3070-24c8427faeef'<BR /><BR /></FONT></P><H3>What I’ve Observed:</H3><UL><LI>The Genie automatically generates a <STRONG>service principal</STRONG> when integrated with multiple agents.</LI><LI>This principal queries or interacts with a SQL Endpoint to query the tables.</LI><LI>Unfortunately, I cannot <STRONG>manually assign permissions</STRONG> to this service principal.</LI><LI>It does not show up under typical service principal listings or user management.</LI><LI>As a result, <STRONG>any queries from the Playground fail with permission errors</STRONG>.</LI></UL><P>Any help or insight would be appreciated. I'm happy to provide more details if needed!</P><P>Thanks,<BR />Karthik k</P><P>#genie #multiagent #model-serving #sql-endpoint #playground #permissions #service-principal #unity-catalog #databricks&nbsp;</P> Mon, 26 May 2025 08:28:17 GMT https://community.databricks.com/t5/generative-ai/permission-denied-for-genie-auto-generated-service-principal-on/m-p/120189#M906 Karthik_Karanm 2025-05-26T08:28:17Z https://community.databricks.com/t5/generative-ai/permission-denied-for-genie-auto-generated-service-principal-on/m-p/135778#M1264 <P><SPAN>Hi&nbsp;<A target="_blank" rel="noopener">@Karthik_Karanm</A>&nbsp;- Can you ensure to add the Genie in the resources as mentioned in the TODO of the cell.</SPAN></P> <LI-CODE lang="markup">To enable automatic authentication, specify the dependent Databricks resources when calling mlflow.pyfunc.log_model(). TODO: If your Unity Catalog tool queries a vector search index or leverages external functions, you need to include the dependent vector search index and UC connection objects, respectively, as resources. See docs (AWS | Azure). TODO: Add the SQL Warehouse or tables powering your Genie space to enable passthrough authentication. (AWS | Azure). If your genie space uses "embedded credentials" then you do not have to add this.</LI-CODE> <P>As an example, this is what I did -</P> <DIV> <DIV><LI-CODE lang="python">resources = [ DatabricksServingEndpoint(endpoint_name=LLM_ENDPOINT_NAME), DatabricksGenieSpace(genie_space_id=GENIE_SPACE_ID), ]</LI-CODE></DIV> </DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dkushari_0-1761174939220.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/20972i85E3C181C03B6A27/image-size/medium?v=v2&amp;px=400" role="button" title="dkushari_0-1761174939220.png" alt="dkushari_0-1761174939220.png" /></span></P> <P>&nbsp;</P> Wed, 22 Oct 2025 23:18:27 GMT https://community.databricks.com/t5/generative-ai/permission-denied-for-genie-auto-generated-service-principal-on/m-p/135778#M1264 dkushari 2025-10-22T23:18:27Z