cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Getting PermissionDenied in SDK When Updating External Location Isolation Mode

MarkV
New Contributor II

a week ago

Using the Databricks SDK for Python in a notebook in a Databricks workspace, I'm creating an external location and then attempting to update the isolation mode and workspace bindings associated with the external location. The step to create the external location works fine. I'm the owner of the external location once it's created. However, when I try and update the owner to a group (of which I'm a member of) and the isolation_mode to ISOLATED, I get the error AttributeError: 'PermissionDenied' object has no attribute 'message'.

Of note:

  • If I remove the line to update the isolation mode and keep the owner line, I'm able to update the owner without issue.
  • I also get the same PermissionDenied error when executing the update_binding code as well.
  • I'm able to successfully use Postman and call the associated update and update_binding APIs to update the owner, isolation mode and workspace bindings.

Any ideas why I'd be getting the permission error using the SDK? Here's a dummy-downed version of my code:

 

-- Cell --
%pip install databricks-sdk --upgrade
 
-- Cell --
dbutils.library.restartPython()
 
-- Cell --
from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog
 
-- Cell --
w = WorkspaceClient()
 
-- Cell -- This works without issue. The location is owned by me when created.
external_location_create = w.external_locations.create(
    name="external_location_name",
    credential_name="xxx",
    comment="Source Data",
    url="abfss://source-data@yyy.dfs.core.windows.net"
)
 
-- Cell -- This does not work. I get the PermissionDenied error.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators",            
    isolation_mode=catalog.IsolationMode.ISOLATION_MODE_ISOLATED
)
 
-- Cell -- This does work if I remove the isolation_mode line.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators"
)
 
-- Cell -- This also fails with the PermissionDenied error.
external_loc_bind = w.workspace_bindings.update_bindings(
    securable_type=catalog.UpdateBindingsSecurableType.EXTERNAL_LOCATION,
    securable_name="external_location_name",
    add=[(catalog.WorkspaceBinding(binding_type=catalog.WorkspaceBindingBindingType.BINDING_TYPE_READ_WRITE, workspace_id=1111111111111111))]
 )
0 Kudos
1 REPLY 1

MarkV
New Contributor II

a week ago

Let me clean-up these cells for better readability:

%pip install databricks-sdk --upgrade
dbutils.library.restartPython()
from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog
w = WorkspaceClient()
# This works without issue. The location is owned by me when created.
external_location_create = w.external_locations.create(
    name="external_location_name",
    credential_name="xxx",
    comment="Source Data",
    url="abfss://source-data@yyy.dfs.core.windows.net"
)
# This does not work. I get the PermissionDenied error.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators",            
    isolation_mode=catalog.IsolationMode.ISOLATION_MODE_ISOLATED
)
# This does work if I remove the isolation_mode line.
external_location_update = w.external_locations.update(
    name="external_location_name",
    owner="Zzz Metastore Administrators"
)
# This also fails with the PermissionDenied error.
external_loc_bind = w.workspace_bindings.update_bindings(
    securable_type=catalog.UpdateBindingsSecurableType.EXTERNAL_LOCATION,
    securable_name="external_location_name",
    add=[(catalog.WorkspaceBinding(binding_type=catalog.WorkspaceBindingBindingType.BINDING_TYPE_READ_WRITE, workspace_id=1111111111111111))]
 )
0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements