cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

How to create Service Principal and access APIs like clusters list without adding to admin group

Go to solution
akshay716
New Contributor III

โ€Ž02-19-2025 08:33 AM

I have created a Databricks Managed Service Principal and trying to access the APIs like clusters list, job lists pipelines but without adding it to admin group I am getting empty list in response. There are other ways to get clusters by adding policy and giving permission to specific cluster to get the details. Is there a way to create a service principal and access the api (READ only) without giving admin access(admin group)?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-20-2025 05:10 AM

Only admin access through account console can be given not read only unfortunately.

View solution in original post

7 REPLIES 7

Go to solution
Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-19-2025 12:23 PM

Hi @akshay716,

You can assign specific permissions directly to the service principal without granting it broader admin access

0 Kudos

Go to solution
akshay716
New Contributor III
In response to Alberto_Umana

โ€Ž02-19-2025 09:32 PM - edited โ€Ž02-19-2025 09:33 PM

Hi @Alberto_Umana ,

I have selected all the Entitlements for that service principal and in Permissions added all the available roles, still not getting any data without adding it to the Admin group. Am I missing anything?

Preview file
15 KB
Preview file
14 KB
0 Kudos

Go to solution
BlakeWaverly
New Contributor II

โ€Ž02-19-2025 09:48 PM

You need specific permissions, try assigning cluster and job read access.

0 Kudos

Go to solution
akshay716
New Contributor III
In response to BlakeWaverly

โ€Ž02-19-2025 10:00 PM

@BlakeWaverly  I don't see cluster and job read access, Can you please share where can I find these. though I can assign this service principal to a specific cluster/job as CAN_VIEW but I want to add Read permission on workspace level.

0 Kudos

Go to solution
Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-20-2025 04:46 AM

@akshay716,

Specific Entitlements: You need to assign specific permissions to the service principal for each type of resource you want to access. 

  • Clusters: Grant the CAN_VIEW permission to the service principal for the clusters it needs to access.
  • Jobs: Similar to clusters, assign the CAN_VIEW permission for the jobs the service principal should access.
  • Workflow: Assign the appropriate permission for pipelines access CAN_VIEW
0 Kudos

Go to solution
akshay716
New Contributor III
In response to Alberto_Umana

โ€Ž02-20-2025 05:04 AM

@Alberto_Umana Is it possible to give CAN_VIEW permission on the workspace level instead of specific resource?

0 Kudos

Go to solution
Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-20-2025 05:10 AM

Only admin access through account console can be given not read only unfortunately.

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements