The error message "Pipeline 'Run As' identity does not have access to selected budget policy" typically indicates that, while your service principal is properly configured for general pipeline ownership, itโs missing explicit permission on the budget policy itself. Assigning group membership or workspace access alone is not sufficient for budget policy usage with service principals in Databricks DLT pipelines.โ
Required Steps to Resolve
-
You must explicitly assign the service principal as a user (can use) or manager (can edit/manage) on the budget policy in question. This must be done directly on the policy's permissions page or via API:
-
Go to the budget policyโs page in the Databricks console.โ
-
Click the Permissions tab.
-
Add your service principal as an identity (not just via group membership).
-
Assign it the appropriate role, ideally user for running pipelines.
-
Save changes.
-
If programmatically managing access for large numbers of users/principals, Databricks offers an API endpoint for access-control rule sets where you may need to add the service principal to roles such as budgetPolicy.user or budgetPolicy.manager.โ
Additional Notes
-
Merely moving pipeline ownership or assigning group access does not grant budget policy usage rights; these permissions are independent and must be set at the policy level for the service principalโs identity.โ
-
For troubleshooting, ensure the service principal appears under the budget policyโs permission list and is marked with Can use or Manager rights.
-
Access issues frequently occur when organizational role assignment and policy-level permission assignment are confused โ always confirm direct budget policy access.โ
If you follow the above steps to explicitly add and grant access to your service principal for the budget policy, your DLT pipeline should run without the access error. If issues persist, double check the principalโs assignment in the policy UI or the result of the API call for permissions.
