Issue with Service Principal and Grants in Databricks

jv_v — Thu, 18 Jul 2024 11:16:56 GMT

Hi,

We created a service principal in Databricks as per the documentation here.

However, when we execute the following SQL query, we are unable to see the service principal:

SHOW GRANTS testservice ON METASTORE

error:
[RequestId=564cbcf9-e8b7-476d-a4db-96e6dccb87ad ErrorClass=PRINCIPAL_DOES_NOT_EXIST] Could not find principal with name testservice

We believe this might be the reason why we are unable to create an external location and also unable to grant the "CREATE EXTERNAL LOCATION" permission using the following Terraform code:

resource "databricks_grants" "grant" {

depends_on = [databricks_metastore.this]

metastore = "databricks_metastore.this.id"

grant {

principal = "testservice"

privileges = ["CREATE_EXTERNAL_LOCATION","CREATE_CATALOG"]

}

// Task011 Create external location to be used as root storage by dev catalog

resource "databricks_external_location" "dev_location" {

provider = databricks.Workspace

name = var.external_location_name

#url="abfss://strgconr@demorkstrgac.dfs.core.windows.net"

url = format("abfss://%s@%s.dfs.core.windows.net/",azurerm_storage_container.dev_catalog.name,

module.metastore_and_users.azurerm_storage_account_unity_catalog.name)

credential_name = databricks_storage_credential.external_mi.id

owner = var.owner

comment = "External location used by dev catalog as root storage"

}

error: cannot create grants: metastore_id must be empty or equal to the metastore id assigned to the workspace.

Can you help us understand why the service principal is not appearing in the query results and how we can resolve this issue to create an external location and grant the necessary permissions?

topic Issue with Service Principal and Grants in Databricks in Get Started Discussions

Issue with Service Principal and Grants in Databricks