cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

On-behalf-of token creation for service principals is not enabled for this workspace

Ajay-Pandey
Esteemed Contributor III

‎03-19-2024 03:49 AM

Hi All

I just wanted to create PAT for Databricks Service Principle but getting below code while hitting API or using CLI - 

AjayPandey_0-1710845262519.pngAjayPandey_1-1710845276557.png

Please help me to create PAT for the same.

#dataengineering #databricks

Ajay Kumar Pandey
0 Kudos
6 REPLIES 6

Kaniz_Fatma
Community Manager
Community Manager

‎03-19-2024 04:48 AM - edited ‎03-19-2024 04:48 AM

Hi @Ajay-Pandey, Please check this community thread -

0 Kudos

Ajay-Pandey
Esteemed Contributor III
In response to Kaniz_Fatma

‎03-19-2024 05:25 AM

@Kaniz_Fatma I have already referred this one but still having issue
I have created Service Account in Databricks and I am not using Azure Service Principle

Ajay Kumar Pandey
0 Kudos

Kaniz_Fatma
Community Manager
Community Manager

‎03-19-2024 05:32 AM

Hi @Ajay-PandeyThe error message you’re encountering indicates that the on-behalf-of token creation feature for service principals is not enabled for your Databricks workspace.

To enable this feature, follow these steps:

  1. Provide CAN_USE Permission:

    • You need to grant the CAN_USE permission to the service principal in the token manage permission.
    • Navigate to Admin > Workspace Settings.
    • Look for the CAN_USE option and provide this permission to your service principal.
  2. Once the feature is enabled, you should be able to use the /api/2.0/token-management/on-behalf-of/to...12. If you encounter any further issues, feel free to reach out for assistance! 
0 Kudos

Ajay-Pandey
Esteemed Contributor III

‎03-19-2024 08:04 AM

Hi @Kaniz_Fatma ,

I have given all the permissions (Admin) to Service Principle and still having the same issue.

Please find all the details below - 

AjayPandey_0-1710860431811.png

AjayPandey_1-1710860497811.png

 

 

Ajay Kumar Pandey
0 Kudos

Ajay-Pandey
Esteemed Contributor III

‎04-07-2024 09:59 PM

Hi @Kaniz_Fatma 
Have you got any update on this ?

Ajay Kumar Pandey
0 Kudos

MorpheusGoGo
New Contributor II

a week ago - last edited a week ago

This only works if you are on AWS or GCP, no support for Azure 😞 

Check the API documentation AWS - https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken

No such documentation exists for Azure.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements