
Terraform can set ALL_PRIVILEGES and USE_CATALOG on catalogs for 'account users', but not SELECT or USE_SCHEMA

Andrei_Radulesc
Contributor III

Only the GUI seems to allow SELECT and USE_SCHEMA 'account users' permissions on catalogs. Terraform gives me an error. Here is my Terraform config:

resource "databricks_grants" "staging" {
  provider = databricks.workspace
  catalog  = databricks_catalog.staging.name

  grant {
    principal  = "account users"
    privileges = ["SELECT", "USE_CATALOG", "USE_SCHEMA"]
  }
}

│ Error: USE_SCHEMA is not allowed on catalog
│  with module.unity_catalog.databricks_grants.staging,
│  on ../../modules/production/unity_catalog/main.tf line 158, in resource "databricks_grants" "staging":
│ 158: resource "databricks_grants" "staging" {

The Terraform man page for databricks_grants says the above should have worked (https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants#catalog-grants)

2 REPLIES

Pat
Honored Contributor III

Hi @Andrei Radulescu-Banu,

Which version of the provider are you using?

I did check the GitHub repo; it should work:

https://github.com/databricks/terraform-provider-databricks/blob/d65ef3518074a48e079080d94e1ab33a80b...

Maybe this would help:

Note

This article refers to the privileges and inheritance model in Privilege Model version 1.0. If you created your metastore during the public preview (before August 25, 2022), you can upgrade to Privilege Model version 1.0 following Upgrade to privilege inheritance

thanks,

Pat

Thanks Pat.

  • I am using Databricks Terraform provider version 1.2.0.
  • I see that resource_grants.go has the expected settings; however, this did not work for me.
  • I don't see a 'Privilege Mode' setting that I could upgrade in the catalog. Probably means I have the latest privilege mode. Or, maybe, the privilege mode is handled differently on my back end, which is AWS, not Azure.

For now, I am setting these permissions manually (instead of Terraform) as a workaround.
