
Terraform can set ALL_PRIVILEGES and USE_CATALOG on catalogs for 'account users', but not SELECT or USE_SCHEMA

Andrei_Radulesc
Contributor III

Only the GUI seems to allow SELECT and USE_SCHEMA 'account users' permissions on catalogs. Terraform gives me an error. Here is my Terraform config:

    resource "databricks_grants" "staging" {
      provider = databricks.workspace
      catalog  = databricks_catalog.staging.name

      grant {
        principal  = "account users"
        privileges = ["SELECT", "USE_CATALOG", "USE_SCHEMA"]
      }
    }

    │ Error: USE_SCHEMA is not allowed on catalog
    │
    │   with module.unity_catalog.databricks_grants.staging,
    │   on ../../modules/production/unity_catalog/main.tf line 158, in resource "databricks_grants" "staging":
    │  158: resource "databricks_grants" "staging" {
    │
    ╵

The Terraform man page for databricks_grants says the above should have worked (https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants)

2 REPLIES

Pat
Honored Contributor III

Hi @Andrei Radulescu-Banu,

Which version of the provider are you using?

I did check the GitHub repo; it should work:

https://github.com/databricks/terraform-provider-databricks/blob/d65ef3518074a48e079080d94e1ab33a80b...

Maybe this would help:

Note

This article refers to the privileges and inheritance model in Privilege Model version 1.0. If you created your metastore during the public preview (before August 25, 2022), you can upgrade to Privilege Model version 1.0 following Upgrade to privilege inheritance

thanks,

Pat

Thanks Pat.

  • I am using databricks terraform provider version 1.2.0.
  • I see that the resource_grants.go has the expected settings, however, this did not work for me.
  • I don't see a 'Privilege Mode' setting that I could upgrade in the catalog. Probably means I have the latest privilege mode. Or, maybe, the privilege mode is handled differently on my back end, which is AWS, not Azure.

For now, I am setting these permissions manually (instead of Terraform) as a workaround.
