<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: restrict workspace admin from creating service principal in Administration &amp; Architecture</title>
    <link>https://community.databricks.com/t5/administration-architecture/restrict-workspace-admin-from-creating-service-principal/m-p/117511#M3317</link>
    <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/157648"&gt;@antonionuzzo&lt;/a&gt;!&lt;/P&gt;
&lt;P&gt;Based on the documentation and my understanding, there isn’t a built-in way to restrict the creation of service principals exclusively to account admins. And as you mentioned, the RestrictWorkspaceAdmins setting doesn’t cover this specific permission. For now, the best approach is to monitor service principal activity through audit logs and enforce internal policies to manage this access.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Fri, 02 May 2025 13:05:03 GMT</pubDate>
    <dc:creator>Advika</dc:creator>
    <dc:date>2025-05-02T13:05:03Z</dc:date>
    <item>
      <title>restrict workspace admin from creating service principal</title>
      <link>https://community.databricks.com/t5/administration-architecture/restrict-workspace-admin-from-creating-service-principal/m-p/117485#M3316</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;I would like to restrict workspace admins from creating service principals and leave this privilege only to the account admin. Is this possible? I am aware of the &lt;STRONG&gt;RestrictWorkspaceAdmins&lt;/STRONG&gt; command, but it does not meet my needs. Additionally, I have looked into the possibility of monitoring the management of service principals through the auditLog tables, but I would like to understand if it is possible to delegate the creation of service principals exclusively to the account admin.&lt;/P&gt;</description>
      <pubDate>Fri, 02 May 2025 08:19:58 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/restrict-workspace-admin-from-creating-service-principal/m-p/117485#M3316</guid>
      <dc:creator>antonionuzzo</dc:creator>
      <dc:date>2025-05-02T08:19:58Z</dc:date>
    </item>
    <item>
      <title>Re: restrict workspace admin from creating service principal</title>
      <link>https://community.databricks.com/t5/administration-architecture/restrict-workspace-admin-from-creating-service-principal/m-p/117511#M3317</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/157648"&gt;@antonionuzzo&lt;/a&gt;!&lt;/P&gt;
&lt;P&gt;Based on the documentation and my understanding, there isn’t a built-in way to restrict the creation of service principals exclusively to account admins. And as you mentioned, the RestrictWorkspaceAdmins setting doesn’t cover this specific permission. For now, the best approach is to monitor service principal activity through audit logs and enforce internal policies to manage this access.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 02 May 2025 13:05:03 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/restrict-workspace-admin-from-creating-service-principal/m-p/117511#M3317</guid>
      <dc:creator>Advika</dc:creator>
      <dc:date>2025-05-02T13:05:03Z</dc:date>
    </item>
  </channel>
</rss>

