Databricks Community

Kasen · ‎05-06-2024

Hi everyone,

I created a service principals called TestServicePrincipal. I tried to grant the catalog access to the service principals, but the error mentioned that it could not find principal with name TestServicePrincipal. If I grant the access to specific user by replacing `TestServicePrincipal` to `user1@mycompany.com`, then it works fine. May I know what is the reason that I can't grant the catalog access to the service principals that I created? By right I should be able to do so by following the documentation below:

https://docs.databricks.com/en/sql/language-manual/security-grant.html

Any help or advise will be greatly appreciated, thank you.

Kaniz_Fatma · ‎05-07-2024

Hi @Kasen, It seems you’re encountering an issue where your newly created service principal isn’t immediately discoverable.

Let’s explore some possible reasons and solutions:

Delayed Propagation:
- Sometimes, there can be a delay in the propagation of service principal information across Azure services. Even though you’ve created the service principal, it might take some time for it to become fully visible.
- In your case, you mentioned that a few hours later, the service principal appeared when using Get-AzureADServicePrincipal. This delay could be due to background processes or caching mechanisms.
Order of Creation:
- When creating a service principal, it’s essential to understand the order of operations. The New-AzADServicePrincipal cmdlet creates the service principal, but it doesn’t necessarily create the associated app registration.
- Typically, you should create the app registration first and then create the service principal. The app registration provides the necessary context for the service principal.
- If you reverse the order (create the service principal first), it might lead to issues like the one you encountered.
Check Enterprise Applications:
- Service principals are associated with app registrations, which appear as enterprise applications in Azure Active Directory (formerly AAD).
- To find your service principal, navigate to the Azure portal, go to “Azure Active Directory,” and then look under “Enterprise applications.”
- Clear any filters and search by the name of your service principal (e.g., “TestServicePrincipal”). It should be listed there ¹.
Permissions and Privileges:
- Ensure that your account has sufficient privileges to view service principals. If your account’s user type is just a member in the tenant, you might encounter limitations.
- Consider changing the ServicePrincipalName to a different one or asking your admin to add your user ...².

Remember that Azure services can sometimes exhibit unexpected behavior due to various factors. If you encounter similar issues in the future, consider waiting for a while or verifying the order of operations during creation.

Hopefully, this helps you troubleshoot the issue with your service principal! 😊🚀³ ⁴

View solution in original post

Kaniz_Fatma · ‎05-07-2024

Hi @Kasen, It seems you’re encountering an issue where your newly created service principal isn’t immediately discoverable.

Let’s explore some possible reasons and solutions:

Delayed Propagation:
- Sometimes, there can be a delay in the propagation of service principal information across Azure services. Even though you’ve created the service principal, it might take some time for it to become fully visible.
- In your case, you mentioned that a few hours later, the service principal appeared when using Get-AzureADServicePrincipal. This delay could be due to background processes or caching mechanisms.
Order of Creation:
- When creating a service principal, it’s essential to understand the order of operations. The New-AzADServicePrincipal cmdlet creates the service principal, but it doesn’t necessarily create the associated app registration.
- Typically, you should create the app registration first and then create the service principal. The app registration provides the necessary context for the service principal.
- If you reverse the order (create the service principal first), it might lead to issues like the one you encountered.
Check Enterprise Applications:
- Service principals are associated with app registrations, which appear as enterprise applications in Azure Active Directory (formerly AAD).
- To find your service principal, navigate to the Azure portal, go to “Azure Active Directory,” and then look under “Enterprise applications.”
- Clear any filters and search by the name of your service principal (e.g., “TestServicePrincipal”). It should be listed there ¹.
Permissions and Privileges:
- Ensure that your account has sufficient privileges to view service principals. If your account’s user type is just a member in the tenant, you might encounter limitations.
- Consider changing the ServicePrincipalName to a different one or asking your admin to add your user ...².

Remember that Azure services can sometimes exhibit unexpected behavior due to various factors. If you encounter similar issues in the future, consider waiting for a while or verifying the order of operations during creation.

Hopefully, this helps you troubleshoot the issue with your service principal! 😊🚀³ ⁴