How to create a custom Role in Azure for LHO to use (AWS)


Lakehouse Optimizer (LHO) requires only read permission to list Databricks Workspaces. To restrict its access to exactly that, create a custom role that contains only this permission.

For example, BplmDatabricksReader is a custom role configured to provide only “List workspaces” rights for Databricks.

The prebuilt Reader role provides access to too many resources that LHO does not need in order to function properly.

Prerequisite

  • The signed-in user creating the custom role needs to have the User Access Administrator role assigned on the selected Subscription.

[Screenshot: User Access Administrator role]

Navigate to Azure Portal – Microsoft Azure

 

(1) Open Subscriptions

[Screenshot: Azure Subscriptions]

(2) Select the Subscription on which you want to create the custom role with read access to list workspaces.

[Screenshot: select Azure Subscription]

(3) Open Access Control (IAM) panel


(4) Add custom Role

[Screenshot: Add custom role]

Lakehouse Optimizer requires only read permission to list Databricks Workspaces. Therefore, to avoid granting unnecessary rights, create a custom role with only this permission.

[Screenshot: Custom Role name and description]

[Screenshot: select only “Read - List Databricks Workspaces”]

Click “Review + create”

[Screenshot: click “Review + create”]

Review custom role

[Screenshot: Review and create]

[Screenshot: confirmation message for created custom role]

Once this custom role is created, you can use it for LHO configuration.
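
The role built in the steps above can also be written as a role definition document and checked for excess rights before it is assigned. The following is an added example, not part of the original page or of Lakehouse Optimizer. It assumes the portal entry “Read - List Databricks Workspaces” is the operation Microsoft.Databricks/workspaces/read, uses a constructed placeholder subscription ID, and the function names are hypothetical.

```python
import json

# Assumption: the portal entry "Read - List Databricks Workspaces" is the
# Azure resource provider operation below.
LIST_WORKSPACES = "Microsoft.Databricks/workspaces/read"
# Constructed placeholder, not a real subscription ID.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"

# Built-in Reader role, reduced to the field that matters for this comparison.
BUILTIN_READER = {"Name": "Reader", "IsCustom": False, "Actions": ["*/read"]}


def build_role_definition(subscription_id, name="BplmDatabricksReader"):
    """Return a custom role in the JSON shape `az role definition create` reads."""
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "List Databricks workspaces only, for Lakehouse Optimizer.",
        "Actions": [LIST_WORKSPACES],
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }


def excess_permissions(role_def, allowed=(LIST_WORKSPACES,)):
    """List every granted action or data action outside the allowed set.

    Any wildcard is reported, since it grants more than one named operation.
    Azure operation names are case-insensitive, so compare in lower case.
    """
    allowed_lc = {a.lower() for a in allowed}
    findings = []
    for key in ("Actions", "DataActions"):
        for action in role_def.get(key, []):
            if "*" in action or action.lower() not in allowed_lc:
                findings.append(f"{key}: {action}")
    return findings


if __name__ == "__main__":
    role = build_role_definition(SUBSCRIPTION_ID)
    print(json.dumps(role, indent=2))
    print("custom role excess:", excess_permissions(role))
    print("Reader role excess:", excess_permissions(BUILTIN_READER))
```

Saved to a file such as role.json, the printed definition can be passed to `az role definition create --role-definition @role.json` as an alternative to the portal steps.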

 
