<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Secrets ACL API Behavior Change in Administration &amp; Architecture</title>
    <link>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67299#M1114</link>
    <description>&lt;P&gt;'User or Group {user email address goes here} does not exist.'&lt;BR /&gt;&lt;BR /&gt;It's happening when I try to set an ACL on a secret scope for an Azure AD user who hasn't actually been invited to the Databricks workspace yet. But I swear this behavior is new. I used to be able to set an ACL for a user who wasn't yet invited to Databricks and it would just soak it up without throwing an error.&lt;/P&gt;</description>
    <pubDate>Thu, 25 Apr 2024 11:55:54 GMT</pubDate>
    <dc:creator>aockenden</dc:creator>
    <dc:date>2024-04-25T11:55:54Z</dc:date>
    <item>
      <title>Secrets ACL API Behavior Change</title>
      <link>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67266#M1112</link>
      <description>&lt;P&gt;Hey all,&lt;/P&gt;&lt;P&gt;Has the behavior of the Secrets ACL API changed over the last 24 hours? With no code changes on our scope-deployment pipeline, I am suddenly getting strange errors back from this endpoint.&lt;/P&gt;&lt;P&gt;Anybody else noticing a change?&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Alex&lt;/P&gt;</description>
      <pubDate>Thu, 25 Apr 2024 10:29:34 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67266#M1112</guid>
      <dc:creator>aockenden</dc:creator>
      <dc:date>2024-04-25T10:29:34Z</dc:date>
    </item>
    <item>
      <title>Re: Secrets ACL API Behavior Change</title>
      <link>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67283#M1113</link>
      <description>&lt;P&gt;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/97932"&gt;@aockenden&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;Can you paste these errors here?&lt;/P&gt;</description>
      <pubDate>Thu, 25 Apr 2024 11:14:39 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67283#M1113</guid>
      <dc:creator>daniel_sahal</dc:creator>
      <dc:date>2024-04-25T11:14:39Z</dc:date>
    </item>
    <item>
      <title>Re: Secrets ACL API Behavior Change</title>
      <link>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67299#M1114</link>
      <description>&lt;P&gt;'User or Group {user email address goes here} does not exist.'&lt;BR /&gt;&lt;BR /&gt;It's happening when I try to set an ACL on a secret scope for an Azure AD user who hasn't actually been invited to the Databricks workspace yet. But I swear this behavior is new. I used to be able to set an ACL for a user who wasn't yet invited to Databricks and it would just soak it up without throwing an error.&lt;/P&gt;</description>
      <pubDate>Thu, 25 Apr 2024 11:55:54 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67299#M1114</guid>
      <dc:creator>aockenden</dc:creator>
      <dc:date>2024-04-25T11:55:54Z</dc:date>
    </item>
    <item>
      <title>Re: Secrets ACL API Behavior Change</title>
      <link>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67306#M1115</link>
      <description>&lt;P&gt;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/97932"&gt;@aockenden&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;From what I see, there's been no change in Secrets API for some time. Maybe the user already had a Contributor on the Resource Group, that's why he was visible for the Workspace?&lt;BR /&gt;&lt;BR /&gt;Anyways, documentation clearly states that "The principal is a user or group name corresponding to an &lt;STRONG&gt;existing&lt;/STRONG&gt; Databricks principal to be granted or revoked access."&lt;/P&gt;</description>
      <pubDate>Thu, 25 Apr 2024 12:22:05 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67306#M1115</guid>
      <dc:creator>daniel_sahal</dc:creator>
      <dc:date>2024-04-25T12:22:05Z</dc:date>
    </item>
    <item>
      <title>Re: Secrets ACL API Behavior Change</title>
      <link>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67331#M1116</link>
      <description>&lt;P&gt;Idk, I control the resource group myself and I don't remember ever granting or revoking contributor roles on that RG for any of these users which are now suddenly throwing errors. Interesting to see that line from the docs... I wonder if that was always SUPPOSED to be throwing an error and they've just now got it actually functioning as per the doc descriptions.&lt;/P&gt;</description>
      <pubDate>Thu, 25 Apr 2024 15:13:25 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/secrets-acl-api-behavior-change/m-p/67331#M1116</guid>
      <dc:creator>aockenden</dc:creator>
      <dc:date>2024-04-25T15:13:25Z</dc:date>
    </item>
  </channel>
</rss>

