Databricks cluster usage permissions

Hi,
I am trying to manage Azure Databricks cluster usage using the databricks_permissions resource:

resource "databricks_permissions" "cluster_usage" {
  cluster_id = databricks_cluster.shared_autoscaling.id

  access_control {
    group_name       = "aad_group_name"
    permission_level = "CAN_ATTACH_TO"
  }
}

We’re following Microsoft’s best practices and we’re using only account-level groups. We have enabled identity federation for all our workspaces too. However, when trying to deploy (terraform apply) the resource block from above, Terraform returns an error:

Error: cannot update permissions: Principal: GroupName(aad_group_name) does not exist

This group exists in Databricks, at account level though. So I created this group “aad_group_name” in Databricks on workspace level, and that worked fine.
My question is, when using the databricks_permissions resource, am I limited to using workspace-level group(s) only?
All the documentation about this resource seems to use workspace-level groups, but then it conflicts with Microsoft’s recommendation to use account-level groups in Databricks.

2 years late, I ran into this issue as well.

I was able to go into Databricks, and add the account-level groups to the workspace manually. Then Terraform / Databricks provider was able to see the group for the permissions.

Not sure if there is a way to have Terraform add the group to the workspace after creating it.
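
The manual step described in the reply above (assigning the account-level group to the workspace before granting cluster permissions) can also be written in Terraform. The following is an added example, not code from either poster: it assumes an account-level provider alias and uses the Databricks provider's databricks_mws_permission_assignment resource; the variable names are hypothetical.

```hcl
# Hypothetical input variables for this example.
variable "databricks_account_id" { type = string }
variable "workspace_id" { type = string } # numeric workspace ID

# Account-level provider alias (assumed setup; authentication settings omitted).
provider "databricks" {
  alias      = "account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = var.databricks_account_id
}

# Look up the existing account-level group by its display name.
data "databricks_group" "aad_group" {
  provider     = databricks.account
  display_name = "aad_group_name"
}

# Assign the account-level group to the workspace as a regular user
# (USER rather than ADMIN, to keep the grant at least privilege).
resource "databricks_mws_permission_assignment" "aad_group_workspace_user" {
  provider     = databricks.account
  workspace_id = var.workspace_id
  principal_id = data.databricks_group.aad_group.id
  permissions  = ["USER"]
}

# Workspace-level provider (default) grants cluster access only after
# the group is visible in the workspace.
resource "databricks_permissions" "cluster_usage" {
  cluster_id = databricks_cluster.shared_autoscaling.id

  access_control {
    group_name       = data.databricks_group.aad_group.display_name
    permission_level = "CAN_ATTACH_TO"
  }

  depends_on = [databricks_mws_permission_assignment.aad_group_workspace_user]
}
```

The explicit depends_on orders the two resources so the permissions call runs only after the workspace assignment exists.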