cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Getting PermissionDenied in SDK When Updating External Location Isolation Mode

MarkV
New Contributor III

‎09-06-2024 06:10 AM

Using the Databricks SDK for Python in a notebook in a Databricks workspace, I'm creating an external location and then attempting to update the isolation mode and workspace bindings associated with the external location. The step to create the external location works fine. I'm the owner of the external location once it's created. However, when I try and update the owner to a group (of which I'm a member of) and the isolation_mode to ISOLATED, I get the error AttributeError: 'PermissionDenied' object has no attribute 'message'.

Of note:

  • If I remove the line to update the isolation mode and keep the owner line, I'm able to update the owner without issue.
  • I also get the same PermissionDenied error when executing the update_binding code as well.
  • I'm able to successfully use Postman and call the associated update and update_binding APIs to update the owner, isolation mode and workspace bindings.

Any ideas why I'd be getting the permission error using the SDK? Here's a dummy-downed version of my code:

 

-- Cell --
%pip install databricks-sdk --upgrade
 
-- Cell --
dbutils.library.restartPython()
 
-- Cell --
from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog
 
-- Cell --
w = WorkspaceClient()
 
-- Cell -- This works without issue. The location is owned by me when created.
external_location_create = w.external_locations.create(
    name="external_location_name",
    credential_name="xxx",
    comment="Source Data",
    url="abfss://source-data@yyy.dfs.core.windows.net"
)
 
-- Cell -- This does not work. I get the PermissionDenied error.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators",            
    isolation_mode=catalog.IsolationMode.ISOLATION_MODE_ISOLATED
)
 
-- Cell -- This does work if I remove the isolation_mode line.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators"
)
 
-- Cell -- This also fails with the PermissionDenied error.
external_loc_bind = w.workspace_bindings.update_bindings(
    securable_type=catalog.UpdateBindingsSecurableType.EXTERNAL_LOCATION,
    securable_name="external_location_name",
    add=[(catalog.WorkspaceBinding(binding_type=catalog.WorkspaceBindingBindingType.BINDING_TYPE_READ_WRITE, workspace_id=1111111111111111))]
 )
0 Kudos
1 REPLY 1

MarkV
New Contributor III

‎09-08-2024 03:42 AM

Let me clean-up these cells for better readability:

%pip install databricks-sdk --upgrade
dbutils.library.restartPython()
from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog
w = WorkspaceClient()
# This works without issue. The location is owned by me when created.
external_location_create = w.external_locations.create(
    name="external_location_name",
    credential_name="xxx",
    comment="Source Data",
    url="abfss://source-data@yyy.dfs.core.windows.net"
)
# This does not work. I get the PermissionDenied error.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators",            
    isolation_mode=catalog.IsolationMode.ISOLATION_MODE_ISOLATED
)
# This does work if I remove the isolation_mode line.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators"
)
# This also fails with the PermissionDenied error.
external_loc_bind = w.workspace_bindings.update_bindings(
    securable_type=catalog.UpdateBindingsSecurableType.EXTERNAL_LOCATION,
    securable_name="external_location_name",
    add=[(catalog.WorkspaceBinding(binding_type=catalog.WorkspaceBindingBindingType.BINDING_TYPE_READ_WRITE, workspace_id=1111111111111111))]
 )
0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
li.common.scroll-to.top