https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/136512#M4298 <P>I have a use case where service principals will read .csv files from Azure Storage Account and create views from them. This used to work in our legacy environment but we are currently migrating to Unity Catalog and when we tested our existing jobs we ran into insufficient privileges error. Error message was that the "User does not have permission SELECT on any file." I read the documentation and found the following:</P><P>You must have SELECT privileges on the ANY FILE securable to read using the following patterns on Unity Catalog-enabled standard clusters:</P><UL><LI>Cloud object storage using URIs.</LI></UL><P><A href="https://learn.microsoft.com/en-gb/azure/databricks/data-governance/table-acls/any-file" target="_blank" rel="noopener">https://learn.microsoft.com/en-gb/azure/databricks/data-governance/table-acls/any-file</A></P><P>This is exactly what we are doing. So I tested by manually granting the following:<BR /><BR />GRANT SELECT ON ANY FILE to `first.last@domain.com`;<BR /><BR />After this reading files succeeded. Now the issue is that we are managing our configuration with Terraform and I would like to do add this into the configuration as well. However, I couldn't find which resource I should use to create this privilege. Any idea how to achieve this using Terraform? Or is there a better way of doing this? This is the way teams in my organization have done things before, so I'm not sure if they are willing to change things that much.</P> Wed, 29 Oct 2025 08:16:55 GMT PNC 2025-10-29T08:16:55Z https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/136512#M4298 <P>I have a use case where service principals will read .csv files from Azure Storage Account and create views from them. This used to work in our legacy environment but we are currently migrating to Unity Catalog and when we tested our existing jobs we ran into insufficient privileges error. Error message was that the "User does not have permission SELECT on any file." I read the documentation and found the following:</P><P>You must have SELECT privileges on the ANY FILE securable to read using the following patterns on Unity Catalog-enabled standard clusters:</P><UL><LI>Cloud object storage using URIs.</LI></UL><P><A href="https://learn.microsoft.com/en-gb/azure/databricks/data-governance/table-acls/any-file" target="_blank" rel="noopener">https://learn.microsoft.com/en-gb/azure/databricks/data-governance/table-acls/any-file</A></P><P>This is exactly what we are doing. So I tested by manually granting the following:<BR /><BR />GRANT SELECT ON ANY FILE to `first.last@domain.com`;<BR /><BR />After this reading files succeeded. Now the issue is that we are managing our configuration with Terraform and I would like to do add this into the configuration as well. However, I couldn't find which resource I should use to create this privilege. Any idea how to achieve this using Terraform? Or is there a better way of doing this? This is the way teams in my organization have done things before, so I'm not sure if they are willing to change things that much.</P> Wed, 29 Oct 2025 08:16:55 GMT https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/136512#M4298 PNC 2025-10-29T08:16:55Z https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/136559#M4300 <P>you can try using this code.</P><LI-CODE lang="python">resource "databricks_grants" "any_file_select_grant" { principal = "your_user_or_group_name" // Replace with the actual user or group privileges { privilege_type = "SELECT" securable_type = "ANY FILE" } }</LI-CODE> Wed, 29 Oct 2025 14:53:08 GMT https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/136559#M4300 nayan_wylde 2025-10-29T14:53:08Z https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/149763#M4946 <PRE>How about... (not tried it myself)<BR /><BR />resource "databricks_sql_permissions" "grant_select_any_file" {<BR />any_file = true<BR /><BR /> privilege_assignments {<BR /> principal = "your-role"<BR /> privileges = ["SELECT"]<BR /> }<BR />}</PRE> Wed, 04 Mar 2026 11:00:36 GMT https://community.databricks.com/t5/administration-architecture/using-terraform-to-grant-select-on-any-file-securable/m-p/149763#M4946 ThePussCat 2026-03-04T11:00:36Z