By default, the "users" and "admins" groups have CAN_USE permission on the Personal Compute policy.
I'm using Terraform and would like to prevent regular users from using this policy to create additional compute clusters.
I haven't found a way to do this. The databricks_permissions resource requires an access_control block with a valid group_name and permission_level.
- Because at least one access_control block is required, I must specify some permission.
- I can't just give the admins CAN_USE here, because the API won't let you modify admin permissions for cluster-policy resources.
- The only supported permission level is CAN_USE, so I can't set a lower permission level, like CAN_VIEW.
How can I remove the default permissions from the "users" group here?
resource "databricks_permissions" "personal_compute_policy" {
  cluster_policy_id = data.databricks_cluster_policy.personal_compute.id

  access_control {
    group_name       = "users"
    permission_level = "CAN_USE"
  }
}

data "databricks_cluster_policy" "personal_compute" {
  name = "Personal Compute"
}