https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22474#M540 <P>Hi @Andrei Radulescu-Banu​&nbsp;,</P><P></P><P>I believe you should use ALL_PRIVILEGES:</P><PRE><CODE>resource "databricks_grants" "test" { &nbsp; provider = databricks.workspace &nbsp; catalog = databricks_catalog.test.name &nbsp; grant { &nbsp; principal = "account users" &nbsp; privileges = ["ALL_PRIVILEGES"] &nbsp; } &nbsp; }</CODE></PRE><P>if not, please try 'ALL'.</P><P>I did this in the past, but I've removed catalog creation from TF before pushing the code, so no history in repo.</P><P></P><P>docs: <A href="https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants" target="test_blank">https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants</A></P> Tue, 22 Nov 2022 08:12:42 GMT Pat 2022-11-22T08:12:42Z https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22473#M539 <P>I'm trying to create a UC catalog in Terraform on AWS, and grant "account users" ALL PRIVILEGES. Here is my code:</P><P></P><P><I>resource "databricks_catalog" "test" {</I></P><P><I>&nbsp;provider&nbsp;&nbsp;&nbsp;&nbsp;= databricks.workspace</I></P><P><I>&nbsp;metastore_id = var.metastore_id</I></P><P><I>&nbsp;name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;= "test"</I></P><P><I>&nbsp;owner&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;= "account users"</I></P><P><I>&nbsp;comment&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;= "Managed by Terraform"</I></P><P><I>&nbsp;properties = {</I></P><P><I>&nbsp;&nbsp;&nbsp;purpose = "testing"</I></P><P><I>&nbsp;}</I></P><P></P><P>When applying the config the 1st time, everything is fine. I can verify in the UI that the config was set. However, when applying the config a 2nd time, I get the error below:</P><P></P><P><I>Error: ALL PRIVILEGES is not allowed on catalog</I></P><P></P><P>Runnint terraform with TF_LOG=DEBUG gives me more detail about the error:</P><P></P><P><I>022-11-14T11:10:46.638-0500 [WARN]&nbsp;Provider "registry.terraform.io/databricks/databricks" produced an unexpected new value for module.unity_ca</I></P><P><I>talog.databricks_grants.test during refresh.</I></P><P><I>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- .grant: planned set element cty.ObjectVal(map[string]cty.Value{"principal":cty.StringVal("account users"), "privileges":cty.SetVal([]cty</I></P><P><I>.Value{cty.StringVal("ALL PRIVILEGES")})}) does not correlate with any element in actual</I></P><P><I>2022-11-14T11:10:46.646-0500 [ERROR] provider.terraform-provider-databricks_v1.2.0: Response contains error diagnostic: tf_resource_type=databri</I></P><P><I>cks_grants @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/vendor/github.com/hashicorp/terraform-plugin-go</I></P><P><I>/tfprotov5/internal/diag/diagnostics.go:56 @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_provider_addr=provider tf_req_id=32</I></P><P><I>a078b5-8e24-7103-bc75-20127e8a24fa tf_rpc=PlanResourceChange diagnostic_summary="ALL PRIVILEGES is not allowed on catalog" tf_proto_version=5.3 </I></P><P><I>timestamp=2022-11-14T11:10:46.646-0500</I></P><P></P><P><I>}</I></P><P></P><P><I>resource "databricks_grants" "test" {</I></P><P><I>&nbsp;provider = databricks.workspace</I></P><P><I>&nbsp;catalog&nbsp;= databricks_catalog.test.name</I></P><P><I>&nbsp;grant {</I></P><P><I>&nbsp;&nbsp;&nbsp;principal&nbsp;= "account users"</I></P><P><I>&nbsp;&nbsp;&nbsp;privileges = ["ALL PRIVILEGES"]</I></P><P><I>&nbsp;}</I></P><P><I>}</I></P><P></P><P>Any suggestion on how to set UC catalog permissions in Terraform?</P> Mon, 14 Nov 2022 16:12:54 GMT https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22473#M539 Andrei_Radulesc 2022-11-14T16:12:54Z https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22474#M540 <P>Hi @Andrei Radulescu-Banu​&nbsp;,</P><P></P><P>I believe you should use ALL_PRIVILEGES:</P><PRE><CODE>resource "databricks_grants" "test" { &nbsp; provider = databricks.workspace &nbsp; catalog = databricks_catalog.test.name &nbsp; grant { &nbsp; principal = "account users" &nbsp; privileges = ["ALL_PRIVILEGES"] &nbsp; } &nbsp; }</CODE></PRE><P>if not, please try 'ALL'.</P><P>I did this in the past, but I've removed catalog creation from TF before pushing the code, so no history in repo.</P><P></P><P>docs: <A href="https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants" target="test_blank">https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants</A></P> Tue, 22 Nov 2022 08:12:42 GMT https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22474#M540 Pat 2022-11-22T08:12:42Z https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22475#M541 <P>Yes! I was missing the underbar, "ALL_PRIVILEGES". It works now. Thank you!</P> Tue, 22 Nov 2022 20:55:16 GMT https://community.databricks.com/t5/warehousing-analytics/all-privileges-not-working-in-terraform-databricks-grants/m-p/22475#M541 Andrei_Radulesc 2022-11-22T20:55:16Z