subcategory |
---|
Security |
These resources are invoked in the account context. Permission Assignment Account API endpoints are restricted to account admins. Provider must have account_id
attribute configured. Account Id that could be found in the bottom left corner of Accounts Console
In account context, adding account-level group to a workspace:
provider "databricks" {
// <other properties>
account_id = "<databricks account id>"
}
resource "databricks_group" "data_eng" {
display_name = "Data Engineering"
}
resource "databricks_mws_permission_assignment" "add_admin_group" {
workspace_id = databricks_mws_workspaces.this.workspace_id
principal_id = databricks_group.data_eng.id
permissions = ["ADMIN"]
}
In account context, adding account-level user to a workspace:
provider "databricks" {
// <other properties>
account_id = "<databricks account id>"
}
resource "databricks_user" "me" {
user_name = "me@example.com"
}
resource "databricks_mws_permission_assignment" "add_user" {
workspace_id = databricks_mws_workspaces.this.workspace_id
principal_id = databricks_user.me.id
permissions = ["USER"]
}
In account context, adding account-level service principal to a workspace:
provider "databricks" {
// <other properties>
account_id = "<databricks account id>"
}
resource "databricks_service_principal" "sp" {
display_name = "Automation-only SP"
}
resource "databricks_mws_permission_assignment" "add_admin_spn" {
workspace_id = databricks_mws_workspaces.this.workspace_id
principal_id = databricks_service_principal.sp.id
permissions = ["ADMIN"]
}
The following arguments are required:
workspace_id
- Databricks workspace ID.principal_id
- Databricks ID of the user, service principal, or group. The principal ID can be retrieved using the SCIM API, or using databricks_user, databricks_service_principal or databricks_group data sources.permissions
- The list of workspace permissions to assign to the principal:"USER"
- Can access the workspace with basic privileges."ADMIN"
- Can access the workspace and has workspace admin privileges to manage users and groups, workspace configurations, and more.
The resource databricks_mws_permission_assignment
can be imported using the workspace id and principal id
terraform import databricks_mws_permission_assignment.this "workspace_id|principal_id"
The following resources are used in the same context:
- databricks_group to manage groups in Databricks Workspace or Account Console (for AWS deployments).
- databricks_group data to retrieve information about databricks_group members, entitlements and instance profiles.
- databricks_group_member to attach users and groups as group members.
- databricks_permission_assignment to manage permission assignment from a workspace context