cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to add existing recipient to existing delta share

chethankumar
New Contributor III

I am facing an issue while adding a recipient to Delta Share using Terraform. The owner of my recipient is a group, not an individual user. I'm running this Terraform script using a service principal member of that group. However, I'm encountering the following issue when trying to create grants:
Error: cannot update grants: User is not an owner of Recipient 'abc'

Example script I have used. 
resource "databricks_grants" "databricks_grants" {
share = "delta_sharing"
grant {
principal = "abc"
privileges = ["SELECT"]
}
}

1 ACCEPTED SOLUTION

Accepted Solutions

Walter_C
Databricks Employee
Databricks Employee

The issue you are encountering is due to the fact that the service principal you are using does not have the necessary ownership permissions on the recipient 'abc'.

Here are some steps you can take to resolve this issue:

  1. Verify Ownership: Ensure that the service principal is indeed a member of the group that owns the recipient 'abc'. You can check the ownership settings in the Databricks workspace.

  2. Grant Ownership: If the service principal is not an owner, you will need to grant ownership to the service principal. This can be done using the Databricks CLI or through the Databricks UI. For example, you can use the following command to update the owner of the recipient:

    databricks recipients update --name abc --owner <service-principal-id>
  3. Check Permissions: Ensure that the service principal has the necessary permissions to perform the operation. This includes having the USE RECIPIENT and SET RECIPIENT PERMISSION privileges.

View solution in original post

3 REPLIES 3

Walter_C
Databricks Employee
Databricks Employee

The issue you are encountering is due to the fact that the service principal you are using does not have the necessary ownership permissions on the recipient 'abc'.

Here are some steps you can take to resolve this issue:

  1. Verify Ownership: Ensure that the service principal is indeed a member of the group that owns the recipient 'abc'. You can check the ownership settings in the Databricks workspace.

  2. Grant Ownership: If the service principal is not an owner, you will need to grant ownership to the service principal. This can be done using the Databricks CLI or through the Databricks UI. For example, you can use the following command to update the owner of the recipient:

    databricks recipients update --name abc --owner <service-principal-id>
  3. Check Permissions: Ensure that the service principal has the necessary permissions to perform the operation. This includes having the USE RECIPIENT and SET RECIPIENT PERMISSION privileges.

chethankumar
New Contributor III

@Walter_C 
Thank you for your response. However, I want to set the recipient owner as a group, not a single user or service principal, because I need to assign multiple service principals as owners of the recipient. I have multiple workspaces, and I want to use separate service principals for each workspace

chethankumar
New Contributor III

I was able to fix the issue. The problem was that the service principal I was using didn’t have the correct permissions assigned

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group