Generative AI
Explore discussions on generative artificial intelligence techniques and applications within the Databricks Community. Share ideas, challenges, and breakthroughs in this cutting-edge field.

Permission Denied for Genie Auto-Generated Service Principal on SQL Endpoint in Playground

Karthik_Karanm
New Contributor III

Hi community,

Use Genie in multi-agent systems | Databricks Documentation
I’ve developed a multi-agent Genie in Databricks and integrated it with vector indexes. The setup works fine during model logging and prediction. The system successfully registers models to Model Serving.

However, when I interact with the Genie using the Playground UI, I receive the following error:

PermissionDenied: 2654507c-3f21-48f6-87f6-2e5ef2ac5c75 is not authorized to use or monitor this SQL Endpoint. Please contact your administrator.
Config: host=https://dbc-3a822fc8-adcc.cloud.databricks.com, auth_type=model-serving
During task with name 'Genie' and id 'f039979b-69b5-0353-3070-24c8427faeef'

What I’ve Observed:

  • The Genie automatically generates a service principal when integrated with multiple agents.
  • This principal queries or interacts with a SQL Endpoint to query the tables.
  • Unfortunately, I cannot manually assign permissions to this service principal.
  • It does not show up under typical service principal listings or user management.
  • As a result, any queries from the Playground fail with permission errors.

Any help or insight would be appreciated. I'm happy to provide more details if needed!

Thanks,
Karthik k

#genie #multiagent #model-serving #sql-endpoint #playground #permissions #service-principal #unity-catalog #databricks 

1 REPLY

dkushari
Databricks Employee

Hi @Karthik_Karanm - Can you make sure to add the Genie to the resources, as mentioned in the TODO of the cell?

To enable automatic authentication, specify the dependent Databricks resources when calling mlflow.pyfunc.log_model().

TODO: If your Unity Catalog tool queries a vector search index or leverages external functions, you need to include the dependent vector search index and UC connection objects, respectively, as resources. See docs (AWS | Azure).

TODO: Add the SQL Warehouse or tables powering your Genie space to enable passthrough authentication. (AWS | Azure). If your genie space uses "embedded credentials" then you do not have to add this.

As an example, this is what I did -

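    from mlflow.models.resources import DatabricksGenieSpace, DatabricksServingEndpoint

    # LLM_ENDPOINT_NAME and GENIE_SPACE_ID must already be defined (for example, earlier in the notebook).
    resources = [
        DatabricksServingEndpoint(endpoint_name=LLM_ENDPOINT_NAME),
        DatabricksGenieSpace(genie_space_id=GENIE_SPACE_ID),
    ]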
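
A pre-logging check for the gap the reply describes, as an added example that is not part of dkushari's reply or of the Databricks notebook: it lists the dependencies an agent uses that are absent from `resources`. The dependency-kind labels, sample names and IDs are constructed, and it assumes every `sql_warehouse` and `table` entry is one that powers the Genie space.

```python
# Added example: every name and ID below is a constructed placeholder.
# Dependency kind -> (class in mlflow.models.resources, keyword argument).
RESOURCE_CLASSES = {
    "serving_endpoint": ("DatabricksServingEndpoint", "endpoint_name"),
    "genie_space": ("DatabricksGenieSpace", "genie_space_id"),
    "vector_search_index": ("DatabricksVectorSearchIndex", "index_name"),
    "uc_connection": ("DatabricksUCConnection", "connection_name"),
    "sql_warehouse": ("DatabricksSQLWarehouse", "warehouse_id"),
    "table": ("DatabricksTable", "table_name"),
}

def required_resources(dependencies, genie_embedded_credentials=False):
    """Return the (kind, name) pairs that must be declared when logging the model."""
    required = set()
    for kind, name in dependencies:
        if kind not in RESOURCE_CLASSES:
            raise ValueError(f"unknown dependency kind: {kind}")
        # Per the notebook TODO: the warehouse and tables behind a Genie space
        # may be left out only when the space uses embedded credentials.
        if genie_embedded_credentials and kind in ("sql_warehouse", "table"):
            continue
        required.add((kind, name))
    return required

def missing_resources(dependencies, declared, genie_embedded_credentials=False):
    """Dependencies the serving identity would not be authorized for."""
    needed = required_resources(dependencies, genie_embedded_credentials)
    return sorted(needed - set(declared))

def to_mlflow_resources(declared):
    """Build the list for mlflow.pyfunc.log_model(resources=...); needs mlflow installed."""
    from mlflow.models import resources as r  # lazy import keeps the check usable offline
    return [getattr(r, RESOURCE_CLASSES[kind][0])(**{RESOURCE_CLASSES[kind][1]: name})
            for kind, name in declared]

# Constructed sample: a Genie-backed agent that declared only its first two dependencies.
DEPENDENCIES = [
    ("serving_endpoint", "example-llm-endpoint"),
    ("vector_search_index", "main.demo.docs_index"),
    ("genie_space", "GENIE_SPACE_ID_PLACEHOLDER"),
    ("sql_warehouse", "WAREHOUSE_ID_PLACEHOLDER"),
    ("table", "main.demo.sales"),
]
DECLARED = DEPENDENCIES[:2]

if __name__ == "__main__":
    for kind, name in missing_resources(DEPENDENCIES, DECLARED):
        print(f"not declared in resources: {kind} {name}")
```

Once the check returns an empty list, `to_mlflow_resources(DECLARED)` produces the objects to pass as `resources` to `mlflow.pyfunc.log_model()`.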

