How to make service principals and groups workspace admins

Instructions for configuring this in the UI.

Written by walter.camacho

Last published at: July 17th, 2025

Introduction

When members of the group or the service principal try to perform a given action, they receive an INSUFFICIENT_PERMISSIONS error.

 

You navigate to the group and service principal entitlement settings in your workspace and notice there is no longer a checkbox option to give workspace admin permission directly. 

 

It is still possible to grant the permissions, and to grant them separately for tracking purposes if needed. Follow the instructions below for service principals and then groups.

 

Instructions

For service principals

You need to be at least a workspace admin to complete these steps.

  1. Create a service principal (SP) in the workspace (any workspace). 
    1. If you are in a Unity Catalog workspace, you can alternatively assign an account console SP. Refer to the Manage service principals (AWS | Azure | GCP) documentation for the creation process.
  2. Once you have your existing or newly created SP assigned to your workspace, navigate to Settings > Identity and Access > Groups.
  3. Search for a group called admins and add your SP as a member of this group.
  4. Membership in the admins group automatically allows the SP to inherit the group's permissions.

 

For groups

You need to be an account console admin to complete these steps and your workspace needs to be Unity Catalog-enabled.

  1. Go to your respective account console URL and log in.  
    1. AWS: accounts.cloud.databricks.com
    2. Azure: accounts.azuredatabricks.net
    3. GCP: accounts.gcp.databricks.com
  2. Click User Management in the sidebar. 
  3. Click the Groups tab. 
    1. If you need to create a new group, click Add group and create the new group.
    2. If you need to update an existing group, click the group name and click Add members to add new members to the group.
  4. Click Workspaces in the sidebar.
  5. Click the workspace name that you want to update.
  6. Click the Permissions tab. 
  7. Click Add permissions.
  8. Search for the group and select Admin in the Permission drop-down.
  9. Click Save.
  10. This adds your group to the admins group in your workspace. The group inherits the workspace admin permissions.
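
Both procedures end with the identity as a member of the workspace admins group, so that group's membership is worth reviewing after each change. The following is an added example, not Databricks code: it audits a constructed SCIM 2.0 Group document for admins against an approved list. The `$ref` prefixes, the sample names, and the functions `classify_members` and `audit_admins` are assumptions for illustration.

```python
import json

# Constructed sample: a SCIM 2.0 Group resource for the workspace "admins"
# group. The "$ref" prefixes (Users/, ServicePrincipals/, Groups/) are an
# assumption about how member types are reported.
SAMPLE_ADMINS_GROUP = json.loads("""
{
  "displayName": "admins",
  "members": [
    {"display": "alice@example.com", "value": "1001", "$ref": "Users/1001"},
    {"display": "ci-deployer", "value": "2001", "$ref": "ServicePrincipals/2001"},
    {"display": "platform-team", "value": "3001", "$ref": "Groups/3001"},
    {"display": "old-etl-sp", "value": "2002", "$ref": "ServicePrincipals/2002"}
  ]
}
""")

KIND_BY_PREFIX = {"Users": "user", "ServicePrincipals": "service_principal", "Groups": "group"}

def classify_members(group):
    """Return (kind, display) for every direct member of the group."""
    out = []
    for m in group.get("members", []):
        prefix = m.get("$ref", "").split("/", 1)[0]
        out.append((KIND_BY_PREFIX.get(prefix, "unknown"), m.get("display", m.get("value", "?"))))
    return out

def audit_admins(group, approved):
    """Compare direct admins membership with an approved set of display names.

    A member of kind "group" means everyone in that group inherits workspace
    admin; only direct members are visible here, so review nested groups too.
    """
    if group.get("displayName") != "admins":
        raise ValueError("expected the workspace 'admins' group")
    members = classify_members(group)
    names = {display for _, display in members}
    return {"unexpected": sorted((k, d) for k, d in members if d not in approved),
            "missing": sorted(approved - names)}

if __name__ == "__main__":
    approved = {"alice@example.com", "ci-deployer", "platform-team", "reporting-sp"}
    report = audit_admins(SAMPLE_ADMINS_GROUP, approved)
    for kind, name in report["unexpected"]:
        print(f"UNEXPECTED admin ({kind}): {name}")
    for name in report["missing"]:
        print(f"NOT YET admin: {name}")
```
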