subcategory |
---|
Security |
These resources are invoked in the account context. Permission Assignment Account API endpoints are restricted to account admins. The provider must have the `account_id` attribute configured. The account ID can be found in the top right corner of the Accounts Console.
In account context, adding an account-level group to a workspace:

```hcl
provider "databricks" {
  // <other properties>
  account_id = "<databricks account id>"
}

resource "databricks_group" "data_eng" {
  display_name = "Data Engineering"
}

resource "databricks_mws_permission_assignment" "add_admin_group" {
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = databricks_group.data_eng.id
  permissions  = ["ADMIN"]
}
```
In account context, adding an account-level user to a workspace:

```hcl
provider "databricks" {
  // <other properties>
  account_id = "<databricks account id>"
}

resource "databricks_user" "me" {
  user_name = "<user email>"
}

resource "databricks_mws_permission_assignment" "add_user" {
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = databricks_user.me.id
  permissions  = ["USER"]
}
```
In account context, adding an account-level service principal to a workspace:

```hcl
provider "databricks" {
  // <other properties>
  account_id = "<databricks account id>"
}

resource "databricks_service_principal" "sp" {
  display_name = "Automation-only SP"
}

resource "databricks_mws_permission_assignment" "add_admin_spn" {
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = databricks_service_principal.sp.id
  permissions  = ["ADMIN"]
}
```
The following arguments are required:

- `workspace_id` - Databricks workspace ID.
- `principal_id` - Databricks ID of the user, service principal, or group. The principal ID can be retrieved using the SCIM API, or using databricks_user, databricks_service_principal or databricks_group data sources.
- `permissions` - The list of workspace permissions to assign to the principal:
  - `"USER"` - Can access the workspace with basic privileges.
  - `"ADMIN"` - Can access the workspace and has workspace admin privileges to manage users and groups, workspace configurations, and more.
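Because `"ADMIN"` carries the workspace admin privileges described above, it helps to list every such grant before a plan is applied. The following Python check is an added example, not part of the provider or its documentation: it reads the `configuration` section of `terraform show -json` output and reports each `databricks_mws_permission_assignment` that grants `"ADMIN"` or whose permissions are not a literal. The sample plan is constructed and trimmed, and `iter_resources` and `admin_grants` are hypothetical helper names.

```python
import json

RESOURCE_TYPE = "databricks_mws_permission_assignment"

# Constructed sample: the "configuration" part of `terraform show -json` output,
# trimmed to the fields used here, for the three assignments shown on this page.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "databricks_mws_permission_assignment.add_admin_group", "type": "databricks_mws_permission_assignment",
   "expressions": {"permissions": {"constant_value": ["ADMIN"]},
     "principal_id": {"references": ["databricks_group.data_eng.id", "databricks_group.data_eng"]}}},
  {"address": "databricks_mws_permission_assignment.add_user", "type": "databricks_mws_permission_assignment",
   "expressions": {"permissions": {"constant_value": ["USER"]},
     "principal_id": {"references": ["databricks_user.me.id", "databricks_user.me"]}}},
  {"address": "databricks_mws_permission_assignment.add_admin_spn", "type": "databricks_mws_permission_assignment",
   "expressions": {"permissions": {"constant_value": ["ADMIN"]},
     "principal_id": {"references": ["databricks_service_principal.sp.id", "databricks_service_principal.sp"]}}}
]}}}
""")

def iter_resources(module):
    """Yield resource blocks from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from iter_resources(call.get("module", {}))

def admin_grants(plan):
    """Return (assignment address, level, principal reference) for grants to review."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        expr = res.get("expressions", {})
        perms = expr.get("permissions", {})
        # Permissions built from variables or locals have no constant_value: report for manual review.
        if "constant_value" not in perms:
            level = "UNRESOLVED"
        elif "ADMIN" in perms["constant_value"]:
            level = "ADMIN"
        else:
            continue
        refs = expr.get("principal_id", {}).get("references", [])
        # The shortest reference is the resource address, e.g. databricks_group.data_eng.
        principal = min(refs, key=len) if refs else "<literal id>"
        findings.append((res["address"], level, principal))
    return findings

if __name__ == "__main__":
    print(*admin_grants(SAMPLE_PLAN), sep="\n")
```
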
In addition to all arguments above, the following attributes are exported:

- `id` - ID of the permission assignment in form of `workspace_id|principal_id`.
The resource `databricks_mws_permission_assignment` can be imported using the workspace ID and principal ID:

```bash
terraform import databricks_mws_permission_assignment.this "workspace_id|principal_id"
```
The following resources are used in the same context:
- databricks_group to manage groups in Databricks Workspace or Account Console (for AWS deployments).
- databricks_group data to retrieve information about databricks_group members, entitlements and instance profiles.
- databricks_group_member to attach users and groups as group members.
- databricks_permission_assignment to manage permission assignment from a workspace context.