cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unity Catalog not enabled - personal Microsoft account cannot access Account Console on Azure Databr

ushakale
Visitor

yesterday 

Hi,
I have an Azure Databricks Premium workspace (upgraded from Standard today) and cannot enable Unity Catalog because my Azure subscription was created with a personal Microsoft account (live.com#ushakaleclouddba@outlook.com).
Workspace details:- Workspace ID: 7405618995762877- URL: adb-7405618995762877.17.azuredatabricks.net- Region: East US- SKU: Premium (confirmed via CLI)- isUcEnabled: false (confirmed via CLI)- unity-catalog-access-connector: auto-provisioned during upgrade
What I tried:- accounts.azuredatabricks.net redirects to Fabric console instead of   Databricks Account Console- Added Entra ID org account as workspace admin via SCIM API — no   "Manage Account" option appears- REST API call to /api/2.1/unity-catalog/metastores returns   PERMISSION_DENIED: User is not an account admin for Account- CREATE CATALOG returns UC_NOT_ENABLED (SQLSTATE: 56038)
Is there a way to bootstrap account admin for a personal Microsoft account subscription, or enable Unity Catalog directly without Account Console access?
Thank you
 
0 Kudos
1 REPLY 1

balajij8
Contributor III

yesterday

Hi,

You can log into the Azure Portal using personal outlook account, navigate to Microsoft Entra ID and create a new cloud user directly within default tenant directory. Because the primary subscription email is an external identity, the directory domain will automatically default to an organizational string like .onmicrosoft.com. You can configure a clean identity such as dbadmin@ushakaleclouddbaoutlook.onmicrosoft.com and securely record its temporary password.

Once the new identity is created, click into the new user's profile within Entra ID, navigate to assigned roles and add the Global Administrator role to this new account. Move to the Azure Subscription or the specific Resource Group that runs the Premium Databricks workspace. Click into Access Control (IAM), select add role assignment, and grant this newly created organizational user the Owner or Contributor role to ensure that the identity possesses full administrative authority over the underlying Azure cloud infrastructure assets before you attempt to map any services.

You can open a completely new incognito browsing window and login with the new account created and navigate directly into the Databricks Account Console where you can navigate to Data, build your East US metastore, link it to your workspace and successfully run CREATE CATALOG commands

0 Kudos
Announcements