cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

restrict workspace admin from creating service principal

antonionuzzo
New Contributor III

โ€Ž05-02-2025 01:19 AM

Hello,

I would like to restrict workspace admins from creating service principals and leave this privilege only to the account admin. Is this possible? I am aware of the RestrictWorkspaceAdmins command, but it does not meet my needs. Additionally, I have looked into the possibility of monitoring the management of service principals through the auditLog tables, but I would like to understand if it is possible to delegate the creation of service principals exclusively to the account admin.

0 Kudos
1 REPLY 1

Advika
Databricks Employee
Databricks Employee

โ€Ž05-02-2025 06:05 AM

Hello @antonionuzzo!

Based on the documentation and my understanding, there isnโ€™t a built-in way to restrict the creation of service principals exclusively to account admins. And as you mentioned, the RestrictWorkspaceAdmins setting doesnโ€™t cover this specific permission. For now, the best approach is to monitor service principal activity through audit logs and enforce internal policies to manage this access.

 

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements