Jobs in SQL Warehouse returning 403 error

Modify the service account permissions, regenerate the token, and verify permissions are set.

Written by katherine.delgado

Last published at: January 31st, 2025

Problem

When running jobs in SQL Warehouse, you receive 403 errors. 

 

Cause

The service account used to execute the jobs does not have sufficient permissions. The service account should have at least CAN USE or CAN MANAGE

 

Solution

First, modify the service account permissions.

  1. Log in to your Databricks workspace as an administrator.
  2. Navigate to SQL Warehouse settings and click Permissions.
  3. Locate the service account used to execute the jobs.
  4. Click the three dots next to the service account and select Edit Permissions.
  5. From the dropdown menu, select either "Can Use" or "Can Manage".
  6. Click Save to apply the changes.

 

Next, regenerate the token for the service account.

  1. Log in to the Databricks workspace using the service account.
  2. Go to User Settings > Access Tokens.
  3. Click Generate New Token and follow the prompts to create a new token.
  4. Update the job configuration with the new token.

 

Then, verify permissions are set for the service account. 

  1. Log in to the Databricks workspace as an administrator.
  2. Navigate to SQL Warehouse settings and click Permissions.
  3. Confirm the service account now has "Can Use" or "Can Manage" permissions.

 

Last, re-run the job with the updated token and ensure the 403 error doesn’t occur again.