These resources are invoked in the account context. Permission Assignment Account API endpoints are restricted to account admins. The provider must have the account_id attribute configured. The account ID can be found in the top right corner of the Accounts Console.
In account context, adding account-level group to a workspace:
provider "databricks" {
  // <other properties>
  account_id = "<databricks account id>"
}

resource "databricks_group" "data_eng" {
  display_name = "Data Engineering"
}

resource "databricks_mws_permission_assignment" "add_admin_group" {
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = databricks_group.data_eng.id
  permissions  = ["ADMIN"]
}
In account context, adding account-level user to a workspace:
provider "databricks" {
  // <other properties>
  account_id = "<databricks account id>"
}

resource "databricks_user" "me" {
  user_name = "me@example.com"
}

resource "databricks_mws_permission_assignment" "add_user" {
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = databricks_user.me.id
  permissions  = ["USER"]
}
In account context, adding account-level service principal to a workspace:
provider "databricks" {
  // <other properties>
  account_id = "<databricks account id>"
}

resource "databricks_service_principal" "sp" {
  display_name = "Automation-only SP"
}

resource "databricks_mws_permission_assignment" "add_admin_spn" {
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = databricks_service_principal.sp.id
  permissions  = ["ADMIN"]
}
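In account context, adding existing account-level groups to a workspace by looking up each principal ID through the databricks_group data source. This is an added example, not part of the provider documentation: the variable name, the output name and the "Platform Admins" group are assumptions, the groups are assumed to exist already, and databricks_mws_workspaces.this is the same workspace resource the examples above reference.

```hcl
# Added example (not from the provider documentation).
# Assumed: variable/output names, the "Platform Admins" group, and that
# both account-level groups already exist in the account.
variable "workspace_group_permissions" {
  description = "Existing account-level group display name => workspace permission."
  type        = map(string)
  default = {
    "Data Engineering" = "USER"
    "Platform Admins"  = "ADMIN"
  }

  # Reject anything other than the two permission values this resource accepts.
  validation {
    condition = alltrue([
      for p in values(var.workspace_group_permissions) : contains(["USER", "ADMIN"], p)
    ])
    error_message = "Each permission must be \"USER\" or \"ADMIN\"."
  }
}

# Resolve each group's Databricks ID by display name instead of hard-coding it.
data "databricks_group" "assigned" {
  for_each     = var.workspace_group_permissions
  display_name = each.key
}

# One assignment per group; ADMIN is granted only where the map says so.
resource "databricks_mws_permission_assignment" "groups" {
  for_each     = var.workspace_group_permissions
  workspace_id = databricks_mws_workspaces.this.workspace_id
  principal_id = data.databricks_group.assigned[each.key].id
  permissions  = [each.value]
}

# List the groups that hold workspace admin so the grant is visible in review.
output "workspace_admin_groups" {
  value = sort([for name, p in var.workspace_group_permissions : name if p == "ADMIN"])
}
```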
The following arguments are required:
- workspace_id - Databricks workspace ID.
- principal_id - Databricks ID of the user, service principal, or group. The principal ID can be retrieved using the SCIM API, or using databricks_user, databricks_service_principal or databricks_group data sources.
- permissions - The list of workspace permissions to assign to the principal:
  - "USER" - Can access the workspace with basic privileges.
  - "ADMIN" - Can access the workspace and has workspace admin privileges to manage users and groups, workspace configurations, and more.

In addition to all arguments above, the following attributes are exported:
- id - ID of the permission assignment in form of workspace_id|principal_id.

The resource databricks_mws_permission_assignment can be imported using the workspace id and principal id:
terraform import databricks_mws_permission_assignment.this "workspace_id|principal_id"
The following resources are used in the same context: