
Issue with Service Principal and Grants in Databricks

jv_v
New Contributor III

 

Hi,

We created a service principal in Databricks as per the documentation here.

However, when we execute the following SQL query, we are unable to see the service principal:

 
SHOW GRANTS testservice ON METASTORE

error:
[RequestId=564cbcf9-e8b7-476d-a4db-96e6dccb87ad ErrorClass=PRINCIPAL_DOES_NOT_EXIST] Could not find principal with name testservice

We believe this might be the reason why we are unable to create an external location and also unable to grant the "CREATE EXTERNAL LOCATION" permission using the following Terraform code:

resource "databricks_grants" "grant" {
  depends_on = [databricks_metastore.this]
  metastore  = "databricks_metastore.this.id"

  grant {
    principal  = "testservice"
    privileges = ["CREATE_EXTERNAL_LOCATION","CREATE_CATALOG"]
  }
}

// Task011 Create external location to be used as root storage by dev catalog
resource "databricks_external_location" "dev_location" {
  provider = databricks.Workspace
  name     = var.external_location_name
  #url="abfss://strgconr@demorkstrgac.dfs.core.windows.net"
  url = format("abfss://%s@%s.dfs.core.windows.net/",azurerm_storage_container.dev_catalog.name,
  module.metastore_and_users.azurerm_storage_account_unity_catalog.name)
  credential_name = databricks_storage_credential.external_mi.id
  owner           = var.owner
  comment         = "External location used by dev catalog as root storage"
}

error: cannot create grants: metastore_id must be empty or equal to the metastore id assigned to the workspace.

Can you help us understand why the service principal is not appearing in the query results and how we can resolve this issue to create an external location and grant the necessary permissions?

1 REPLY

Kaniz_Fatma
Community Manager

Hi @jv_v

  • Ensure that the service principal testservice was created successfully. You can check this in the Azure portal under Azure Active Directory > App registrations.
  • Make sure the service principal has the necessary permissions to access the Databricks workspace and the metastore. This includes roles like Contributor or Owner on the Databricks resource group.
  • Verify that the metastore ID used in your Terraform script matches the one assigned to your Databricks workspace. You can find the metastore ID in the Databricks UI under Data > Metastores.
  • Double-check your Terraform configuration to ensure that the metastore ID is correctly referenced.

If these steps don’t resolve the issue, please provide more details or any additional error messages you encounter, and we can further troubleshoot together.
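Added example, not part of the original thread or the poster's code: one way the metastore grant from the question could be written so that the metastore is passed as a reference rather than a quoted string and the service principal is named by its application ID, which is how Unity Catalog grants identify service principals. Assumptions: the service principal's display name is testservice, the grant runs through the workspace-level provider aliased databricks.Workspace (the alias used by the external location in the question), and the data source and output names are illustrative.

```hcl
# Added example. Assumes a workspace-level provider aliased "Workspace" and a
# service principal whose display name is "testservice".

# Look up the service principal to obtain its application ID. Unity Catalog
# grants refer to a service principal by application ID, not display name.
data "databricks_service_principal" "testservice" {
  provider     = databricks.Workspace
  display_name = "testservice"
}

resource "databricks_grants" "metastore" {
  provider = databricks.Workspace

  # Unquoted reference: resolves to the metastore's ID and creates an implicit
  # dependency on databricks_metastore.this. The quoted form
  # "databricks_metastore.this.id" is sent to the API as that literal string.
  # If the metastore is attached to the workspace by a separate assignment
  # resource, add that resource to depends_on here.
  metastore = databricks_metastore.this.id

  grant {
    principal  = data.databricks_service_principal.testservice.application_id
    privileges = ["CREATE_EXTERNAL_LOCATION", "CREATE_CATALOG"]
  }
}

# Expose the application ID so the grant can be checked from SQL.
output "testservice_application_id" {
  value = data.databricks_service_principal.testservice.application_id
}
```

The SHOW GRANTS query takes the same application ID, enclosed in backticks, in place of testservice. databricks_grants is authoritative for the securable it manages, so every principal that should keep privileges on the metastore needs its own grant block in this resource.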
