How to create a custom Role in Azure for LHO to use

Lakehouse Optimizer (LHO) requires only read permission to list Databricks Workspaces. To grant nothing beyond that, create a custom role that contains only this permission.

For example, BplmDatabricksReader is a custom role configured to provide only “List workspaces” rights for Databricks.

The prebuilt Reader role provides access to many resources that LHO does not need in order to function properly.

Prerequisite

  • The signed-in user creating the custom role needs to have the User Access Administrator role assigned on the selected Subscription.

Figure: User Access Administrator role

Navigate to the Azure Portal – https://portal.azure.com/

(1) Open Subscriptions

Figure: Azure Subscriptions

(2) Select the Subscription on which you want to create the custom role with read access to list workspaces.

(3) Open the Access Control (IAM) panel

(4) Add a custom role

Lakehouse Optimizer requires only read permission to list Databricks Workspaces. To avoid granting unnecessary rights, create the custom role with only this permission.

Click “Review + create”

Review the custom role

Once this custom role is created you can use it for LHO configuration.
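
The same role can be created from the Azure CLI instead of the portal. The script below is an added example, not part of the original page or of LHO's tooling. It assumes the portal's “List workspaces” permission corresponds to the action Microsoft.Databricks/workspaces/read. The function names and the script name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal steps. Not LHO's own tooling.
ROLE_NAME="BplmDatabricksReader"   # example role name used on this page

# Assumption: the portal's "List workspaces" permission is the
# Microsoft.Databricks/workspaces/read control-plane action.
ROLE_ACTION="Microsoft.Databricks/workspaces/read"

# Print the role definition for one subscription. Anything that is not a GUID
# is rejected so the assignable scope cannot widen beyond that subscription.
role_definition_json() {
  local sub="$1"
  printf '%s' "$sub" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || {
    echo "invalid subscription id: $sub" >&2
    return 1
  }
  cat <<EOF
{
  "Name": "$ROLE_NAME",
  "IsCustom": true,
  "Description": "Read-only: list Databricks workspaces (for Lakehouse Optimizer).",
  "Actions": ["$ROLE_ACTION"],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/$sub"]
}
EOF
}

# Return 0 only if a definition grants no wildcard, write, delete or */action.
is_read_only() {
  ! printf '%s' "$1" | grep -Eq '\*|/(write|delete|action)"'
}

# Create the role. Requires "az login" as a user holding the
# User Access Administrator role on the subscription (see Prerequisite).
create_role() {
  local def
  def="$(role_definition_json "$1")" || return 1
  is_read_only "$def" || { echo "definition is not read-only" >&2; return 1; }
  az role definition create --role-definition "$def"
}

# Usage: ./create-lho-role.sh create <subscription-id>
if [ "${1:-}" = "create" ]; then create_role "${2:-}"; fi
```
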