databricks_restrict_workspace_admins_setting Resource
The databricks_restrict_workspace_admins_setting
resource lets you control the capabilities of workspace admins.
With the status set to ALLOW_ALL
, workspace admins can:
- Create service principal personal access tokens on behalf of any service principal in their workspace.
- Change a job owner to any user in the workspace.
- Change the job run_as setting to any user in their workspace or a service principal on which they have the Service Principal User role.
With the status set to RESTRICT_TOKENS_AND_JOB_RUN_AS
, workspace admins can:
- Only create personal access tokens on behalf of service principals on which they have the Service Principal User role.
- Only change a job owner to themselves.
- Only change the job run_as setting to themselves a service principal on which they have the Service Principal User role.
Example Usage
resource "databricks_restrict_workspace_admins_setting" "this" {
restrict_workspace_admins {
status = "RESTRICT_TOKENS_AND_JOB_RUN_AS"
}
}
Argument Reference
The resource supports the following arguments:
restrict_workspace_admins
- (Required) The configuration details.
status
- (Required) The restrict workspace admins status for the workspace.
Import
This resource can be imported by predefined name global
:
terraform import databricks_restrict_workspace_admins_setting.this global