terraform-provider-databricks icon indicating copy to clipboard operation
terraform-provider-databricks copied to clipboard
verified publisher icon databricks

[FEATURE] Support getting account level `databricks_group` for workspace admins

Open sebbegg opened this issue 2 years ago • 7 comments

Use-cases

We're managing a few databricks workspaces and would like to migrate to more unity catalog features. When trying to use databricks_permission_assignment to add an account level group to the workspace this fails, since we don't have account level permissions.

It appears that the {workspace-domain}/api/2.0/account/scim/v2/ API documented here: https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/groups#--manage-account-groups-using-the-api is not supported / implemented.

Attempted Solutions

Tried fetching account-level group information via the account api.

Proposal

Not sure to be honest. Since this is a workspace api it would probably be appropriate to have some flag on the databricks_group|user|service_principal?

References

(https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/groups#--manage-account-groups-using-the-api)

sebbegg avatar Mar 29 '24 07:03 sebbegg

+1 for this feature request

pcsrijith avatar Aug 09 '24 16:08 pcsrijith

hey @alexott , @sebbegg

It will be great if this is implemented. It will ease the permissions management especially around isolating IaC for different Databricks projects in big organizations. (managing groups will not require admin permissions anymore)

VOVELEE avatar Aug 28 '24 10:08 VOVELEE

We are dependent on the availability of corresponding APIs - when it will be available, then implementation starts

alexott avatar Aug 28 '24 10:08 alexott

yes, I saw the comment in #1944 . I hope Databricks team will release this soon :)

VOVELEE avatar Aug 28 '24 10:08 VOVELEE