
restrict workspace admin from creating service principal

antonionuzzo
New Contributor III

Hello,

I would like to restrict workspace admins from creating service principals and leave this privilege only to the account admin. Is this possible? I am aware of the RestrictWorkspaceAdmins command, but it does not meet my needs. Additionally, I have looked into the possibility of monitoring the management of service principals through the auditLog tables, but I would like to understand if it is possible to delegate the creation of service principals exclusively to the account admin.


Advika
Databricks Employee

Hello @antonionuzzo!

Based on the documentation and my understanding, there isn’t a built-in way to restrict the creation of service principals exclusively to account admins. And as you mentioned, the RestrictWorkspaceAdmins setting doesn’t cover this specific permission. For now, the best approach is to monitor service principal activity through audit logs and enforce internal policies to manage this access.
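The audit-log monitoring suggested in the reply above can be sketched as follows. This is an added example, not part of the original thread and not Databricks code. It assumes audit records exported as JSON lines with field names following the `system.access.audit` table; the sample rows, the allowlist, and the `serviceprincipal` substring used to match action names are constructed assumptions to verify against your own logs.

```python
import json

# Constructed sample rows (not real log data). Field names follow the
# system.access.audit table; action names and identities are illustrative
# assumptions and must be checked against the action names in real logs.
SAMPLE_LOG = """\
{"event_time": "2025-01-10T09:12:44Z", "workspace_id": "1111", "service_name": "accounts", "action_name": "createServicePrincipal", "user_identity": {"email": "ws-admin@example.com"}, "response": {"status_code": 200}}
{"event_time": "2025-01-10T09:20:01Z", "workspace_id": "0", "service_name": "accounts", "action_name": "createServicePrincipal", "user_identity": {"email": "Account-Admin@example.com"}, "response": {"status_code": 200}}
{"event_time": "2025-01-10T09:31:10Z", "workspace_id": "1111", "service_name": "accounts", "action_name": "login", "user_identity": {"email": "ws-admin@example.com"}, "response": {"status_code": 200}}
{"event_time": "2025-01-10T09:40:55Z", "workspace_id": "2222", "service_name": "accounts", "action_name": "createServicePrincipal", "user_identity": {"email": "other@example.com"}, "response": {"status_code": 403}}
{truncated line from a bad export
{"event_time": "2025-01-10T10:02:13Z", "workspace_id": "2222", "service_name": "accounts", "action_name": "deleteServicePrincipal", "user_identity": null, "response": {"status_code": 200}}
"""

ACCOUNT_ADMINS = {"account-admin@example.com"}  # assumed allowlist, lowercase
SP_MARKER = "serviceprincipal"  # assumed substring of relevant action names


def unauthorized_sp_events(lines, allowed=ACCOUNT_ADMINS):
    """Return successful service-principal changes made by non-allowlisted actors."""
    findings = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        action = str(event.get("action_name") or "")
        if SP_MARKER not in action.lower():
            continue
        status = (event.get("response") or {}).get("status_code")
        if not (isinstance(status, int) and 200 <= status < 300):
            continue  # only changes that actually took effect
        # A missing identity becomes "" and is flagged, never silently trusted.
        actor = ((event.get("user_identity") or {}).get("email") or "").lower()
        if actor not in allowed:
            findings.append((event.get("event_time"), event.get("workspace_id"), actor, action))
    return findings


if __name__ == "__main__":
    for finding in unauthorized_sp_events(SAMPLE_LOG.splitlines()):
        print(finding)
```

Denied attempts (the 403 row) are skipped here; counting them separately is a reasonable extension if repeated attempts should also raise an alert.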