Can not set Service Principal User role to a service principal

jgrycz
New Contributor III

Hi!

I'm trying to assign the `Service Principal Users` role to a newly created Service Principal using Terraform.

For that I use the following block of code:

```
resource "databricks_service_principal_role" "sp_job_runner_user_role" {
  service_principal_id = databricks_service_principal.sp_job_runner.id
  role                 = "roles/servicePrincipal.user"
}
```
Terraform complains with the following error when I execute `terraform apply`:
```
Error: cannot create service principal role: invalidValue Invalid role value roles/servicePrincipal.user
```

What's the valid role name I should use?

I would like to do the same thing as in the image below:

Screenshot 2024-11-13 at 15.30.56.png
 
I need that SP to run Databricks jobs, but without that role I'm unable to assign this SP in the `run_as` field because of this error:
```
Error: cannot update job: Cannot bind the service principal provided in 'run_as' field (.....) to the job. The user creating or updating the job must have 'servicePrincipal.user' role on the service principal.
```
Accepted Solutions

Alberto_Umana
Databricks Employee

Hi @jgrycz,

Can you follow this block of code mentioned here: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/access_control_r...

Please note:

Currently, we only support managing access rules on service principal, group and account resources through databricks_access_control_rule_set.
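
A sketch of the rule-set approach the reply points to, added here as an illustration and not part of the original reply or the provider documentation. Only `sp_job_runner` comes from the question; the account ID variable, the `job-deployers` group and the display names are assumptions, and the group stands for whichever identities create or update jobs that use this service principal in `run_as`.

```hcl
# Added example. All names except sp_job_runner are hypothetical.
variable "databricks_account_id" {
  type        = string
  description = "Databricks account ID (assumed input)"
}

# Hypothetical group holding the identities that create or update jobs
# running as the service principal (for example the CI identity that
# runs terraform apply). Granting to a narrow group keeps the
# "can run as this SP" right limited to those who need it.
data "databricks_group" "job_deployers" {
  display_name = "job-deployers"
}

resource "databricks_service_principal" "sp_job_runner" {
  display_name = "sp-job-runner"
}

# The Service Principal User role is granted through the service
# principal's default rule set, not through databricks_service_principal_role.
# This resource is authoritative: rules that exist on the rule set but are
# not listed here are overwritten on apply, so list every grant you need.
resource "databricks_access_control_rule_set" "sp_job_runner_rules" {
  name = "accounts/${var.databricks_account_id}/servicePrincipals/${databricks_service_principal.sp_job_runner.application_id}/ruleSets/default"

  grant_rules {
    principals = [data.databricks_group.job_deployers.acl_principal_id]
    role       = "roles/servicePrincipal.user"
  }
}
```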

jgrycz
New Contributor III

@Alberto_Umana thanks for the help!
