databricks_user Resource

This resource allows you to manage users in Databricks Workspace, Databricks Account Console or Azure Databricks Account Console. You can also associate Databricks users with databricks_group. Upon user creation the user will receive a password reset email. You can also get information about the caller identity using the databricks_current_user data source.

To create users in the Databricks account, the provider must be configured with host = "https://accounts.cloud.databricks.com" on AWS deployments or host = "https://accounts.azuredatabricks.net" and authenticate using AAD tokens on Azure deployments.

The default behavior when deleting a databricks_user resource depends on whether the provider is configured at the workspace level or the account level. At the workspace level, the user is deleted from the workspace. At the account level, the user is deactivated but not deleted. With the provider configured at the account level, set disable_as_user_deletion = false to delete the user from the account when the resource is deleted. Conversely, with the provider configured at the account level, set disable_as_user_deletion = true to deactivate the user when the resource is deleted.

Example Usage

Creating regular user:

resource "databricks_user" "me" {
  user_name = "me@example.com"
}

Creating user with administrative permissions by referencing the special admins databricks_group in a databricks_group_member resource:

data "databricks_group" "admins" {
  display_name = "admins"
}

resource "databricks_user" "me" {
  user_name = "me@example.com"
}

resource "databricks_group_member" "i-am-admin" {
  group_id  = data.databricks_group.admins.id
  member_id = databricks_user.me.id
}

Creating user with cluster create permissions:

resource "databricks_user" "me" {
  user_name            = "me@example.com"
  display_name         = "Example user"
  allow_cluster_create = true
}

Creating user in AWS Databricks account:

// initialize provider at account-level
provider "databricks" {
  alias         = "mws"
  host          = "https://accounts.cloud.databricks.com"
  account_id    = "00000000-0000-0000-0000-000000000000"
  client_id     = var.client_id
  client_secret = var.client_secret
}

resource "databricks_user" "account_user" {
  provider     = databricks.mws
  user_name    = "me@example.com"
  display_name = "Example user"
}

Creating user in Azure Databricks account:

// initialize provider at Azure account-level
provider "databricks" {
  alias      = "azure_account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = "00000000-0000-0000-0000-000000000000"
  auth_type  = "azure-cli"
}

resource "databricks_user" "account_user" {
  provider     = databricks.azure_account
  user_name    = "me@example.com"
  display_name = "Example user"
}
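
Making the deletion behavior explicit, as an added example that is not part of the original provider documentation: it shows the three cases described in the introduction (account-level deactivate, account-level delete, workspace-level delete) side by side. The provider aliases, variable names, user names and the use of the same service principal for both providers are assumptions.

```hcl
terraform {
  required_providers {
    databricks = { source = "databricks/databricks" }
  }
}

# Assumed input variables; the names are illustrative.
variable "workspace_url" { type = string }
variable "client_id" { type = string }
variable "client_secret" {
  type      = string
  sensitive = true
}

provider "databricks" {
  alias         = "account"
  host          = "https://accounts.cloud.databricks.com"
  account_id    = "00000000-0000-0000-0000-000000000000"
  client_id     = var.client_id
  client_secret = var.client_secret
}

provider "databricks" {
  alias         = "workspace"
  host          = var.workspace_url
  client_id     = var.client_id
  client_secret = var.client_secret
}

# Account level, default made explicit: destroy deactivates the user.
resource "databricks_user" "employee" {
  provider                 = databricks.account
  user_name                = "employee@example.com"
  disable_as_user_deletion = true
}

# Account level, opt in to deletion: destroy removes the user from the account.
resource "databricks_user" "contractor" {
  provider                 = databricks.account
  user_name                = "contractor@example.com"
  disable_as_user_deletion = false
}

# Workspace level, default: destroy deletes the user from this workspace.
resource "databricks_user" "ws_only" {
  provider  = databricks.workspace
  user_name = "ws-only@example.com"
}
```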

Argument Reference

The following arguments are available:

Attribute Reference

In addition to all arguments above, the following attributes are exported:

Import

The SCIM user resource can be imported using its id:

terraform import databricks_user.me <user-id>

The following resources are often used in the same context: