Databricks Community

Conlyn · ‎06-05-2024

We are using terraform to setup Unity Catalog external locations and when using databricks_grants to set permissions on the external locations it throws the following error:

Error: cannot create grants: permissions for external_location-test_location are &{[{TEST_ROLE [ALL_PRIVILEGES] [Principal]}]}, but have to be {[{TEST_ROLE [ALL_PRIVILEGES] []}]}

Here is the plan output:

# databricks_grants.external_locations["test_location"] will be created
  + resource "databricks_grants" "external_locations" {
      + external_location = "test_location"
      + id                = (known after apply)

      + grant {
          + principal  = "TEST_ROLE"
          + privileges = [
              + "ALL_PRIVILEGES",
            ]
        }
    }

We have tried multiple TF and Databricks provider versions including latest and all throw the same error.

Thanks,

-Conlyn

Conlyn · ‎06-05-2024

I figured out my issue... The principal name is case sensitive and if the input value doesn't match the case of the email address or Group Name in the workspace/account it throws that ambiguous error.

View solution in original post

Conlyn · ‎06-05-2024

I should mention that the apply actually succeeds setting the permission, but the error is output and the state file only lists the workspace and external_location data elements.

Conlyn · ‎06-05-2024

I figured out my issue... The principal name is case sensitive and if the input value doesn't match the case of the email address or Group Name in the workspace/account it throws that ambiguous error.

Databricks Community

Terraform databricks_grants errors on external_location

Connect with Databricks Users in Your Area

Now Hiring: Databricks Community Technical Moderator

Data + AI Summit: Call for Presentations

Season's Speedings: Databricks SQL Delivers 4x Performance Boost Over Two Years

Databricks Community Champion - October 2024 - Filip Niziol

Become Our Next Monthly Community Champion!