cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can not set Service Principal User role to a service principal

Go to solution
jgrycz
New Contributor III

a week ago - last edited a week ago

Hi!

I'm trying to assign `Service Principal Users` role to a newly create Service Principal using terraform.

For that I use following block of code:

```

resource "databricks_service_principal_role" "sp_job_runner_user_role" {
  service_principal_id = databricks_service_principal.sp_job_runner.id
  role = "roles/servicePrincipal.user"
}
```
Terraform complains with following error when I execute `terraform apply`:
```
Error: cannot create service principal role: invalidValue Invalid role value roles/servicePrincipal.user
```

What's the valid role name I should use?

I would like to do the same thing as on the below image:

Screenshot 2024-11-13 at 15.30.56.png
 
I need that SP to run a databricks jobs, but without that role I'm unable to assign this SP in the `run_as` field because of this error:
```
Error: cannot update job: Cannot bind the service principal provided in 'run_as' field (.....) to the job. The user creating or updating the job must have 'servicePrincipal.user' role on the service principal.
```
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Alberto_Umana
Databricks Employee
Databricks Employee

a week ago

Hi @jgrycz,

Can you follow this block of code mentioned here: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/access_control_r...

Please note:

Currently, we only support managing access rules on service principal, group and account resources through databricks_access_control_rule_set.

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Alberto_Umana
Databricks Employee
Databricks Employee

a week ago

Hi @jgrycz,

Can you follow this block of code mentioned here: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/access_control_r...

Please note:

Currently, we only support managing access rules on service principal, group and account resources through databricks_access_control_rule_set.

0 Kudos

Go to solution
jgrycz
New Contributor III

a week ago

@Alberto_Umana thanks for help! 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements