ucx [FEATURE]: Create Account group equivalent for the workspace admin group

[FEATURE]: Create Account group equivalent for the workspace admin group

Open HariGS-DB opened this issue 10 months ago • 0 comments

Is there an existing issue for this?

[X] I have searched the existing issues

Problem statement

Currently when we migrate workspace local group to account level, there isn't an equivalent group for workspace admins. Workspace admin will have access to Table ACL table and Underlying storage access through interactive clusters, There permission is lost when moving to UC.

Related Issue:

https://github.com/databrickslabs/ucx/issues/1193
https://github.com/databrickslabs/ucx/issues/1192
https://github.com/databrickslabs/ucx/issues/907
https://github.com/databrickslabs/ucx/issues/887

Proposed Solution

rely on the output of "sync-workspace-info" to retrieve a current workspace group name
account group should be f'{workapace_name}_admins'
Create a workspace admin group equivalent in the account level.
grant access to that group on the interactive clusters underlying data in catalog, schema, tables and external locations

Additional Context

No response

Mar 31 '24 22:03 HariGS-DB

ucx ucx copied to clipboard

[FEATURE]: Create Account group equivalent for the workspace admin group

Is there an existing issue for this?

Problem statement

Proposed Solution

Additional Context

ucx
ucx copied to clipboard