https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148286#M4872 <P>Problem statement: Unity catalog PRINCIPAL_DOES_NOT_EXIST when granting an entra group created via SDK, but works after manual UI assignment)</P><P>Hi all,</P><P>I'm running into a Unity Catalog identity resolution issue and I am trying to understand if this is expected behavior or if I'm missing something.</P><P>I created an external group with the databricks SDK workspaceclient and the group shows up correctly in my groups with the corresponding entra object id.</P><P>The first time I run:</P><P>GRANT ... TO `group`</P><P>I get PRINCIPAL_DOES_NOT_EXIST could not find principal with name.</P><P>While the group exists and is visible in the workspace.</P><P>Now the interesting part:</P><P>If I manually assign any privilege to that group via the Unity Catalog UI once, then the exact same SQL Grant statement works afterwards.</P><P>I feel like the Unity Catalog only materializes or resolves after the first UI interaction.</P><P>What would be a way to force UC to recognize entra groups without manual UI interaction?</P><P>Would really appreciatie insight from anyone who automated UC privilege assignment at scale.</P><P>By the way, what would be the best place to post technical questions like this?</P> Fri, 13 Feb 2026 09:54:47 GMT jonathanvdr 2026-02-13T09:54:47Z https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148286#M4872 <P>Problem statement: Unity catalog PRINCIPAL_DOES_NOT_EXIST when granting an entra group created via SDK, but works after manual UI assignment)</P><P>Hi all,</P><P>I'm running into a Unity Catalog identity resolution issue and I am trying to understand if this is expected behavior or if I'm missing something.</P><P>I created an external group with the databricks SDK workspaceclient and the group shows up correctly in my groups with the corresponding entra object id.</P><P>The first time I run:</P><P>GRANT ... TO `group`</P><P>I get PRINCIPAL_DOES_NOT_EXIST could not find principal with name.</P><P>While the group exists and is visible in the workspace.</P><P>Now the interesting part:</P><P>If I manually assign any privilege to that group via the Unity Catalog UI once, then the exact same SQL Grant statement works afterwards.</P><P>I feel like the Unity Catalog only materializes or resolves after the first UI interaction.</P><P>What would be a way to force UC to recognize entra groups without manual UI interaction?</P><P>Would really appreciatie insight from anyone who automated UC privilege assignment at scale.</P><P>By the way, what would be the best place to post technical questions like this?</P> Fri, 13 Feb 2026 09:54:47 GMT https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148286#M4872 jonathanvdr 2026-02-13T09:54:47Z https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148311#M4873 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/216000">@jonathanvdr</a>&nbsp;can you use AccountClient i<SPAN>nstead of WorkspaceClient.</SPAN></P><P><SPAN><SPAN class="">from</SPAN><SPAN class=""> databricks</SPAN><SPAN class="">.</SPAN><SPAN class="">sdk </SPAN><SPAN class="">import</SPAN><SPAN class=""> AccountClient</SPAN></SPAN></P> Fri, 13 Feb 2026 12:14:48 GMT https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148311#M4873 saurabh18cs 2026-02-13T12:14:48Z https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148312#M4874 <P>Hi <a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/22314">@saurabh18cs</a>,</P><P>I am not an account admin. I am a workspace admin though</P> Fri, 13 Feb 2026 12:24:19 GMT https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148312#M4874 jonathanvdr 2026-02-13T12:24:19Z https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148352#M4877 <P>ideal approach is to&nbsp; sync entra groups at account level using <SPAN>SCIM sync of AD groups into Databricks groups&nbsp;</SPAN>and then let account admins sync this to workspace manually or using latest automated way. after than you GRANT access. you are following botttom up approach.</P> Fri, 13 Feb 2026 16:06:45 GMT https://community.databricks.com/t5/administration-architecture/unity-catalog-resolution-of-entra-groups-principal-does-not/m-p/148352#M4877 saurabh18cs 2026-02-13T16:06:45Z