topic Service Principal can be deleted but permissions not managed in Administration & Architecture

Service Principal can be deleted but permissions not managed

Mumrel — Fri, 23 Feb 2024 16:28:25 GMT

On Azure I added a service principal X to my databricks workspace. I therefore had the Service Prinicpal Manager role on that service principal X. I accidentally downgraded my rights to Service Principal User and now can's get my Managers role back. I am an workspace admin and can delete the service principal entry X. If I add the just deleted service principal X again, I will only receive the Service Principal User role, not the Manager role.

If I create any new service prinicpal Y with a syntactically valid app-id I will receive the Service Principal Manager role for Y.

This seems inconsistent, since I can delete it but not manage it. How can I reclaim my Service Managers role back?

Re: Service Principal can be deleted but permissions not managed

jamessmith3 — Fri, 23 Feb 2024 18:02:25 GMT

Do you have federated identity enabled on your workspace?

Re: Service Principal can be deleted but permissions not managed

Mumrel — Tue, 27 Feb 2024 15:58:50 GMT

I believe so because the described effect was also observed in another databricks workspace, where I did NOT make the accidental change

Re: Service Principal can be deleted but permissions not managed

Mumrel — Tue, 27 Feb 2024 16:06:29 GMT

Also note, I am only a workspace admin, and do not have access to the account console