
Get resource permissions using terraform

fkseki
Contributor

Is there a way to retrieve resources (cluster, job, volume, catalog and all other objects) permissions?

On terraform docs there's a resource databricks_permissions but I didn't find a data source databricks_permissions, grants or similar.

How can I get current resource permissions so I can "append" a new permission to the resource?

Regards,

Accepted Solutions

Ashwin_DSA
Databricks Employee

Hi @fkseki,

There isn’t a data "databricks_permissions" (or similar) in the Databricks Terraform, only the databricks_permissions resource, and that resource is authoritative for the full ACL of the object. That means Terraform can’t read the current permissions and append another during a plan.

Your options are to make Terraform the source of truth by using the Permissions API / Databricks CLI (or the Terraform exporter) once to pull the current ACL for the object and turn that into a databricks_permissions resource. You can then, whenever you want to append a permission, add another access_control block to that resource and terraform apply. Terraform manages the entire ACL declaratively.

Alternatively, you can manage ACLs outside Terraform by skipping databricks_permissions for that object and instead call the Permissions API or CLI directly (e.g., using PATCH where supported) to add/remove principals.

Hope this helps.

If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.

Regards,
Ashwin | Delivery Solution Architect @ Databricks
Helping you build and scale the Data Intelligence Platform.
***Opinions are my own***
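
The first option in the answer above, as an added example (not part of the original post and not Databricks' own tooling): a Python script that turns a saved Permissions API response for a cluster into a databricks_permissions resource. The sample response, its principals, the object id and the resource name are constructed, and skipping entries flagged as inherited is an assumption.

```python
import json

# Constructed sample shaped like a Permissions API GET response for a cluster;
# the object id and principals are made up for illustration.
SAMPLE_ACL = json.loads("""
{"object_id": "/clusters/0000-000000-example", "object_type": "cluster",
 "access_control_list": [
  {"user_name": "alice@example.com",
   "all_permissions": [{"permission_level": "CAN_RESTART", "inherited": false}]},
  {"group_name": "data-eng",
   "all_permissions": [{"permission_level": "CAN_ATTACH_TO", "inherited": false}]},
  {"group_name": "admins",
   "all_permissions": [{"permission_level": "CAN_MANAGE", "inherited": true}]}
 ]}
""")

PRINCIPAL_KEYS = ("user_name", "group_name", "service_principal_name")


def direct_grants(acl):
    """Return sorted (principal_key, principal, level) for non-inherited grants."""
    grants = set()
    for entry in acl.get("access_control_list", []):
        key = next((k for k in PRINCIPAL_KEYS if k in entry), None)
        if key is None:
            raise ValueError(f"entry without a known principal: {entry}")
        for perm in entry.get("all_permissions", []):
            # Assumption: inherited grants come from a parent object and are
            # not declared on this object's databricks_permissions resource.
            if not perm.get("inherited", False):
                grants.add((key, entry[key], perm["permission_level"]))
    return sorted(grants)


def to_hcl(acl, name, id_attr="cluster_id"):
    """Render a databricks_permissions resource carrying the full direct ACL."""
    object_id = acl["object_id"].rsplit("/", 1)[-1]
    lines = [f'resource "databricks_permissions" "{name}" {{',
             f"  {id_attr} = {json.dumps(object_id)}"]
    for key, principal, level in direct_grants(acl):
        lines += ["", "  access_control {",
                  f"    {key} = {json.dumps(principal)}",
                  f"    permission_level = {json.dumps(level)}",
                  "  }"]
    return "\n".join(lines + ["}"])


if __name__ == "__main__":
    print(to_hcl(SAMPLE_ACL, "existing_cluster"))
```

Because the resource is authoritative for the full ACL, compare the generated blocks with the live ACL before the first apply: a direct grant missing from the file is removed when Terraform applies it.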



fkseki
Contributor

Adding some info, I understand that the "import" functionality is not the way to go because I couldn't use its return to add or remove principals to the resource's permission.

Hi Ashwin, thanks for the reply

Is it on the roadmap to have a "data databricks_permission" in the future?

We are using terraform to provide the users a self-service platform so they can create resources (clusters, volumes, external location, connections, etc.) in a controlled way using only terraform, and this would be essential for a good user experience.

Regards