cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Terraform can set ALL_PRIVILEGES and USE_CATALOG on catalogs for 'account users', but not # SELECT or USE_SCHEMA

Andrei_Radulesc
Contributor III

‎11-28-2022 03:32 PM

Only the GUI seems to allow SELECT and USE_SCHEMA 'account users' permissions on catalogs. Terraform gives me an error. Here is my Terraform config:

resource "databricks_grants" "staging" {

 provider = databricks.workspace

 catalog = databricks_catalog.staging.name

 grant {

   principal = "account users"

   privileges = ["SELECT", "USE_CATALOG", "USE_SCHEMA"]

 }

}

│ Error: USE_SCHEMA is not allowed on catalog

│  with module.unity_catalog.databricks_grants.staging,

│  on ../../modules/production/unity_catalog/main.tf line 158, in resource "databricks_grants" "staging":

│ 158: resource "databricks_grants" "staging" {

The Terraform man page for databricks_grants says the above should have worked (https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants)

0 Kudos
2 REPLIES 2

Pat
Honored Contributor III

‎11-30-2022 08:57 PM

Hi @Andrei Radulescu-Banu​ ,

Which version of the provider are you using?

I did check the github repo it should work:

https://github.com/databricks/terraform-provider-databricks/blob/d65ef3518074a48e079080d94e1ab33a80b...

Maybe this would help:

Note

This article refers to the privileges and inheritance model in Privilege Model version 1.0. If you created your metastore during the public preview (before August 25, 2022), you can upgrade to Privilege Model version 1.0 following Upgrade to privilege inheritance

thanks,

Pat

0 Kudos

Andrei_Radulesc
Contributor III
In response to Pat

‎12-01-2022 10:27 AM

Thanks Pat.

  • I am using databricks terraform provider version 1.2.0.
  • I see that the resource_grants.go has the expected settings, however, this did not work for me.
  • I don't see a ' Privilege Mode' setting that I could upgrade in the catalog. Probably means I have the latest privilege mode. Or, maybe, the privilege mode is handled differently on my back end which is AWS, not Azure.

For now, I am setting these permissions manually (instead of Terraform) as a workaround.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements