Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
Showing results for 
Search instead for 
Did you mean: 

Azure Devops repos access

New Contributor III

I have a Databricks setup, where the users and their permissions are handled in Microsoft Azure using AD groups and then provisioned (account level) using a provisioning connector to Databricks. The code repositories are in Azure Devops where users are granted access as needed. 

This is described here and has worked up until now. 

Some changes to the AD groups were needed, and after the change the setup no longer works. In particular, some of the users cannot commit or pull from git (the repos is still there). We have two environments and I can only recreate the error on one of them and not always.   

PATs are now used as a temporary fix but it won't be a solution in the long run. 

Has something changed and/or am I missing a step? 


Community Manager
Community Manager

Hi @alm

Here are some steps to check and potential solutions:

  1. SCIM Provisioning Connector:

  2. Azure AD Permissions:

    • Make sure that the users and groups in your Azure AD have the appropriate permissions. Users should be part of the relevant AD groups that grant access to Databricks resources.
    • Check if there were any changes to the AD group memberships after the recent modifications. Ensure that the affected users are still part of the correct groups.
  3. Workspace-Level Permissions:

    • Confirm that your Databricks workspaces are enabled for identity federation. This allows you to manage user assignments to workspaces.
    • If some workspaces are not enabled for identity federation, continue provisioning users, service principals, and groups directly to those workspaces.
  4. Troubleshooting:

    • Monitor the Databricks logs for any error messages related to provisioning or permissions.
    • Check if the issue occurs consistently in both environments. If it’s specific to one environment, compare the configurations between the two.
    • Verify that the affected users have the necessary permissions to commit and pull from Git repositories in Azure DevOps.
  5. Long-Term Solution:

    • While Personal Access Tokens (PATs) can serve as a temporary workaround, consider a more sustainable solution.
    • Review your AD group structure and permissions. Ensure that the changes made align with your Databricks setup.
    • Remember that troubleshooting complex setups like this can involve multiple factors, so thorough investigation is essential. If you need additional help, feel free to provide more details, and we’ll continue troubleshooting together! 🛠🔍
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!