I have a Unity Catalog enabled workspace and I have full privileges including Account Admin. I would like to be able to remove the "CAN_MANAGE" privilege from the "users" group. According to the documentation, this should be possible. According to the documentation in multiple places this should be posssible - https://learn.microsoft.com/en-us/azure/databricks/security/auth/default-permissions#users-group
There is no UI element I can see to do this, so I have been working through the Workspace Permissions API (I have made sure my API is also using an account admin level permission), still with no luck. When I have been trying to remove permissions I either don't get a failure message and nothing happens or I get a "{"error_code":"INVALID_PARAMETER_VALUE","message":"Cannot modify permissions of directory [shared directory id]".
I have been trying to come at this from a number of different angles with no luck. I haven't come across any other posts or mentions of a similar issue or fix, only that as a workspace admin I should be able to do this.
Also as a note, I have already set up separate Entra ID group that I will be using to provide access to the workspace and turn off the access granted by the default system users workspace group.
