WiliamRosa
Databricks Partner

Hi @T0M, how are you doing?

You’re right about the statuses at the level above the job; however, my reference to IS_OWNER comes from the job-level statuses, as shown below:

IS_OWNER exists and is valid for resource-level permissions (e.g., inside resources.jobs.<id>.permissions). The docs list the allowed levels per resource type and, for Jobs, they include IS_OWNER.

At the bundle top-level permissions block (either the root permissions or targets.<env>.permissions), the only allowed values are CAN_VIEW, CAN_MANAGE, and CAN_RUN — it does not accept IS_OWNER.

Example:

bundle:
  name: my-bundle

resources:
  jobs:
    my-job:
      name: My Job
      permissions:
        - service_principal_name: 00000000-0000-0000-0000-000000000000
          level: IS_OWNER            # allowed on the Job resource

targets:
  prod:
    permissions:
      - group_name: data-engineering
        level: CAN_VIEW              # top-level/targets only accept CAN_VIEW/CAN_MANAGE/CAN_RUN
    run_as:
      service_principal_name: 00000000-0000-0000-0000-000000000000

The documentation below also includes some YAML examples:
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/bundles/permissions

Wiliam Rosa
Data Engineer | Machine Learning Engineer
LinkedIn: linkedin.com/in/wiliamrosa
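
Added example, not part of the original post and not Databricks code: a pre-deploy check that flags any level other than CAN_VIEW, CAN_MANAGE or CAN_RUN in the root `permissions` block or under `targets.<env>.permissions`, as the post above describes. It assumes the bundle YAML has already been parsed into a dict; the function names and the `dev` target in the sample are hypothetical.

```python
# Added example: lint an already-parsed bundle config for permission levels
# that are not accepted at the bundle top level or under targets.<env>.
TOP_LEVEL_ALLOWED = {"CAN_VIEW", "CAN_MANAGE", "CAN_RUN"}  # per the post above
PRINCIPAL_KEYS = ("user_name", "group_name", "service_principal_name")


def _check_block(entries, path, findings):
    """Append one finding per entry whose level is not allowed at `path`."""
    for i, entry in enumerate(entries or []):
        level = entry.get("level")
        if level not in TOP_LEVEL_ALLOWED:
            who = next((entry[k] for k in PRINCIPAL_KEYS if k in entry),
                       "<no principal>")
            findings.append((f"{path}[{i}]", who, level))


def lint_bundle_permissions(bundle):
    """Return (path, principal, level) tuples for invalid top-level/target levels.

    Resource-level blocks (resources.jobs.<id>.permissions) are deliberately
    not checked: their allowed levels differ per resource type.
    """
    findings = []
    _check_block(bundle.get("permissions"), "permissions", findings)
    for name, target in (bundle.get("targets") or {}).items():
        _check_block((target or {}).get("permissions"),
                     f"targets.{name}.permissions", findings)
    return findings


# Constructed sample: the post's bundle plus a hypothetical "dev" target that
# wrongly uses IS_OWNER at target level.
SAMPLE = {
    "bundle": {"name": "my-bundle"},
    "resources": {"jobs": {"my-job": {"name": "My Job", "permissions": [
        {"service_principal_name": "00000000-0000-0000-0000-000000000000",
         "level": "IS_OWNER"}]}}},  # valid: resource-level permission
    "targets": {
        "prod": {"permissions": [
            {"group_name": "data-engineering", "level": "CAN_VIEW"}]},
        "dev": {"permissions": [
            {"group_name": "data-engineering", "level": "IS_OWNER"}]},
    },
}

if __name__ == "__main__":
    for path, who, level in lint_bundle_permissions(SAMPLE):
        print(f"{path}: {who} has {level!r}; allowed: {sorted(TOP_LEVEL_ALLOWED)}")
```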