service_principal.md

subcategory
Security

databricks_service_principal Resource

Directly manage Service Principals that could be added to databricks_group within workspace.

Example Usage

Creating regular service principal:

resource "databricks_service_principal" "sp" {
  application_id = "00000000-0000-0000-0000-000000000000"
}

Creating service principal with administrative permissions - referencing special admins databricks_group in databricks_group_member resource:

data "databricks_group" "admins" {
  display_name = "admins"
}

resource "databricks_service_principal" "sp" {
  application_id = "00000000-0000-0000-0000-000000000000"
}

resource "databricks_group_member" "i-am-admin" {
  group_id  = data.databricks_group.admins.id
  member_id = databricks_service_principal.sp.id
}

Creating service principal with cluster create permissions:

resource "databricks_service_principal" "sp" {
  application_id       = "00000000-0000-0000-0000-000000000000"
  display_name         = "Example service principal"
  allow_cluster_create = true
}

Argument Reference

-> application_id is required on Azure Databricks and is not allowed on other clouds. display_name is required on all clouds except Azure.

The following arguments are available:

• application_id - This is the application id of the given service principal and will be their form of access and identity. On other clouds than Azure this value is auto-generated.
• display_name - (Required) This is an alias for the service principal and can be the full name of the service principal.
• allow_cluster_create - (Optional) Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks_permissions and cluster_id argument. Everyone without allow_cluster_create argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
• allow_instance_pool_create - (Optional) Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks_permissions and instance_pool_id argument.
• databricks_sql_access - (Optional) This is a field to allow the group to have access to Databricks SQL feature through databricks_sql_endpoint.
• workspace_access - (Optional) This is a field to allow the group to have access to Databricks Workspace.
• active - (Optional) Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.

Attribute Reference

In addition to all arguments above, the following attributes are exported:

• id - Canonical unique identifier for the service principal.

Import

The resource scim service principal can be imported using id:

$ terraform import databricks_service_principal.me <service-principal-id>

Related Resources

The following resources are often used in the same context:

• End to end workspace management guide.
• databricks_group to manage groups in Databricks Workspace or Account Console (for AWS deployments).
• databricks_group data to retrieve information about databricks_group members, entitlements and instance profiles.
• databricks_group_member to attach users and groups as group members.
• databricks_permissions to manage access control in Databricks workspace.
• databricks_sql_permissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.