https://community.databricks.com/t5/data-engineering/service-principal-cannot-access-its-own-workspace-folder/m-p/120584#M46196 <P>We are using Asset bundles with databricks runtime 14.3LTS. During DAB deployment, the wheel is built and stored in the folder of the service principal running the deployment via GH workflow. The full path is<BR />/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/main_bundle/dev_dev/artifacts/.internal/WHEEL-NAME.whl</P><P>Within the same DAB, we define and deploy a job which uses a job cluster. when using the wheel as a task dependency we get this error&nbsp;<SPAN>message:&nbsp;</SPAN></P><LI-SPOILER>run failed with error message Library installation failed for library due to user error for whl: "/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/main_bundle/dev_dev/artifacts/.internal/WHEEL-NAME.whl" Error messages: Library installation attempted on the driver node of cluster CLUSTER-ID and failed. User does not have permission to read the library file, or the file path does not exist. Error Code: FILE_NOT_FOUND_FAILURE. Error Message: java.util.concurrent.ExecutionException: java.io.FileNotFoundException: File file:/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/main_bundle/dev_dev/artifacts/.internalWHEEL-NAMEwhl does not exist</LI-SPOILER><P>This was working fine a couple days before and now it is failing out of nowhere.</P> Thu, 29 May 2025 21:07:15 GMT juan_barreto 2025-05-29T21:07:15Z https://community.databricks.com/t5/data-engineering/service-principal-cannot-access-its-own-workspace-folder/m-p/120584#M46196 <P>We are using Asset bundles with databricks runtime 14.3LTS. During DAB deployment, the wheel is built and stored in the folder of the service principal running the deployment via GH workflow. The full path is<BR />/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/main_bundle/dev_dev/artifacts/.internal/WHEEL-NAME.whl</P><P>Within the same DAB, we define and deploy a job which uses a job cluster. when using the wheel as a task dependency we get this error&nbsp;<SPAN>message:&nbsp;</SPAN></P><LI-SPOILER>run failed with error message Library installation failed for library due to user error for whl: "/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/main_bundle/dev_dev/artifacts/.internal/WHEEL-NAME.whl" Error messages: Library installation attempted on the driver node of cluster CLUSTER-ID and failed. User does not have permission to read the library file, or the file path does not exist. Error Code: FILE_NOT_FOUND_FAILURE. Error Message: java.util.concurrent.ExecutionException: java.io.FileNotFoundException: File file:/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/main_bundle/dev_dev/artifacts/.internalWHEEL-NAMEwhl does not exist</LI-SPOILER><P>This was working fine a couple days before and now it is failing out of nowhere.</P> Thu, 29 May 2025 21:07:15 GMT https://community.databricks.com/t5/data-engineering/service-principal-cannot-access-its-own-workspace-folder/m-p/120584#M46196 juan_barreto 2025-05-29T21:07:15Z https://community.databricks.com/t5/data-engineering/service-principal-cannot-access-its-own-workspace-folder/m-p/120614#M46207 <P>You're encountering a common issue when using service principals and job clusters with workspace-scoped paths. This typically happens due to<BR />permission mismatches or cluster identity issues. Here’s a breakdown of the root cause and a recommended solution:</P><P>Root Cause:</P><P>When using a job cluster, the cluster runs under a different identity (not the same service principal that created the bundle).<BR />If your `.whl` file is stored under:</P><P>/Workspace/Users/SERVICE-PRINCIPAL-ID/.bundle/...</P><P><BR />the job cluster **may not have permission** to access that folder. This results in:</P><P>--&gt; Library installation failed<BR />--&gt; java.io.FileNotFoundException` or `Permission Denied`</P><P>This behavior might have changed recently due to a permission policy update or workspace changes.</P><P><BR />Recommended Solution:</P><P>1.Avoid storing `.whl` under the service principal's folder</P><P>Instead, store the `.whl` in a shared location accessible by all clusters. Use **DBFS** or **Workspace shared folders**, such as:</P><P>dbfs:/FileStore/libs/your_wheel.whl</P><P>Then update your job/library reference like:</P><P>"libraries": [<BR />{<BR />"whl": "dbfs:/FileStore/libs/your_wheel.whl"<BR />}<BR />]</P><P>2.Check and adjust permissions (if still using workspace path):</P><P>If you must use `/Workspace/...` paths:</P><P>--&gt; Navigate to the file or folder in the Workspace UI.<BR />--&gt; Click “Permissions” and ensure the service principal or cluster owner has **Can Read** or **Can Manage** permissions.</P><P>3.Alternative Approach – Use a repo or MLflow artifacts</P><P>Consider storing your wheel file in:</P><P>--&gt; A Git repo connected to Databricks Repos<BR />--&gt; MLflow registered models or artifacts<BR />--&gt; A cloud storage location (S3, ADLS, GCS) with appropriate IAM access</P><P>&nbsp;</P> Fri, 30 May 2025 13:44:46 GMT https://community.databricks.com/t5/data-engineering/service-principal-cannot-access-its-own-workspace-folder/m-p/120614#M46207 HariSankar 2025-05-30T13:44:46Z