Viewing docs for Databricks v0.4.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Viewing docs for Databricks v0.4.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
This resource configures the security policy, databricks_instance_profile, and data access properties for all databricks.SqlEndpoint of workspace. Please note that changing parameters of this resources will restart all running databricks_sql_endpoint. To use this resource you need to be an administrator.
Related Resources
The following resources are often used in the same context:
- End to end workspace management guide.
- databricks.InstanceProfile to manage AWS EC2 instance profiles that users can launch databricks.Cluster and access data, like databricks_mount.
- databricks.SqlDashboard to manage Databricks SQL Dashboards.
- databricks.SqlEndpoint to manage Databricks SQL Endpoints.
- databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.
Example Usage
AWS example
using Pulumi;
using Databricks = Pulumi.Databricks;
class MyStack : Stack
{
public MyStack()
{
var @this = new Databricks.SqlGlobalConfig("this", new Databricks.SqlGlobalConfigArgs
{
SecurityPolicy = "DATA_ACCESS_CONTROL",
InstanceProfileArn = "arn:....",
DataAccessConfig =
{
{ "spark.sql.session.timeZone", "UTC" },
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewSqlGlobalConfig(ctx, "this", &databricks.SqlGlobalConfigArgs{
SecurityPolicy: pulumi.String("DATA_ACCESS_CONTROL"),
InstanceProfileArn: pulumi.String("arn:...."),
DataAccessConfig: pulumi.AnyMap{
"spark.sql.session.timeZone": pulumi.Any("UTC"),
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.SqlGlobalConfig("this", {
securityPolicy: "DATA_ACCESS_CONTROL",
instanceProfileArn: "arn:....",
dataAccessConfig: {
"spark.sql.session.timeZone": "UTC",
},
});
import pulumi
import pulumi_databricks as databricks
this = databricks.SqlGlobalConfig("this",
security_policy="DATA_ACCESS_CONTROL",
instance_profile_arn="arn:....",
data_access_config={
"spark.sql.session.timeZone": "UTC",
})
Example coming soon!
Azure example
using Pulumi;
using Databricks = Pulumi.Databricks;
class MyStack : Stack
{
public MyStack()
{
var @this = new Databricks.SqlGlobalConfig("this", new Databricks.SqlGlobalConfigArgs
{
SecurityPolicy = "DATA_ACCESS_CONTROL",
DataAccessConfig =
{
{ "spark.hadoop.fs.azure.account.auth.type", "OAuth" },
{ "spark.hadoop.fs.azure.account.oauth.provider.type", "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider" },
{ "spark.hadoop.fs.azure.account.oauth2.client.id", @var.Tenant_id },
{ "spark.hadoop.fs.azure.account.oauth2.client.secret", $"{{{{secrets/{local.Secret_scope}/{local.Secret_key}}}}}" },
{ "spark.hadoop.fs.azure.account.oauth2.client.endpoint", $"https://login.microsoftonline.com/{@var.Tenant_id}/oauth2/token" },
},
SqlConfigParams =
{
{ "ANSI_MODE", "true" },
},
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewSqlGlobalConfig(ctx, "this", &databricks.SqlGlobalConfigArgs{
SecurityPolicy: pulumi.String("DATA_ACCESS_CONTROL"),
DataAccessConfig: pulumi.AnyMap{
"spark.hadoop.fs.azure.account.auth.type": pulumi.Any("OAuth"),
"spark.hadoop.fs.azure.account.oauth.provider.type": pulumi.Any("org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider"),
"spark.hadoop.fs.azure.account.oauth2.client.id": pulumi.Any(_var.Tenant_id),
"spark.hadoop.fs.azure.account.oauth2.client.secret": pulumi.Any(fmt.Sprintf("%v%v%v%v%v", "{{secrets/", local.Secret_scope, "/", local.Secret_key, "}}")),
"spark.hadoop.fs.azure.account.oauth2.client.endpoint": pulumi.Any(fmt.Sprintf("%v%v%v", "https://login.microsoftonline.com/", _var.Tenant_id, "/oauth2/token")),
},
SqlConfigParams: pulumi.AnyMap{
"ANSI_MODE": pulumi.Any("true"),
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.SqlGlobalConfig("this", {
securityPolicy: "DATA_ACCESS_CONTROL",
dataAccessConfig: {
"spark.hadoop.fs.azure.account.auth.type": "OAuth",
"spark.hadoop.fs.azure.account.oauth.provider.type": "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
"spark.hadoop.fs.azure.account.oauth2.client.id": _var.tenant_id,
"spark.hadoop.fs.azure.account.oauth2.client.secret": `{{secrets/${local.secret_scope}/${local.secret_key}}}`,
"spark.hadoop.fs.azure.account.oauth2.client.endpoint": `https://login.microsoftonline.com/${_var.tenant_id}/oauth2/token`,
},
sqlConfigParams: {
ANSI_MODE: "true",
},
});
import pulumi
import pulumi_databricks as databricks
this = databricks.SqlGlobalConfig("this",
security_policy="DATA_ACCESS_CONTROL",
data_access_config={
"spark.hadoop.fs.azure.account.auth.type": "OAuth",
"spark.hadoop.fs.azure.account.oauth.provider.type": "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
"spark.hadoop.fs.azure.account.oauth2.client.id": var["tenant_id"],
"spark.hadoop.fs.azure.account.oauth2.client.secret": f"{{{{secrets/{local['secret_scope']}/{local['secret_key']}}}}}",
"spark.hadoop.fs.azure.account.oauth2.client.endpoint": f"https://login.microsoftonline.com/{var['tenant_id']}/oauth2/token",
},
sql_config_params={
"ANSI_MODE": "true",
})
Example coming soon!
Create SqlGlobalConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SqlGlobalConfig(name: string, args?: SqlGlobalConfigArgs, opts?: CustomResourceOptions);@overload
def SqlGlobalConfig(resource_name: str,
args: Optional[SqlGlobalConfigArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def SqlGlobalConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
data_access_config: Optional[Mapping[str, Any]] = None,
enable_serverless_compute: Optional[bool] = None,
instance_profile_arn: Optional[str] = None,
security_policy: Optional[str] = None,
sql_config_params: Optional[Mapping[str, Any]] = None)func NewSqlGlobalConfig(ctx *Context, name string, args *SqlGlobalConfigArgs, opts ...ResourceOption) (*SqlGlobalConfig, error)public SqlGlobalConfig(string name, SqlGlobalConfigArgs? args = null, CustomResourceOptions? opts = null)
public SqlGlobalConfig(String name, SqlGlobalConfigArgs args)
public SqlGlobalConfig(String name, SqlGlobalConfigArgs args, CustomResourceOptions options)
type: databricks:SqlGlobalConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SqlGlobalConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SqlGlobalConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SqlGlobalConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SqlGlobalConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SqlGlobalConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sqlGlobalConfigResource = new Databricks.SqlGlobalConfig("sqlGlobalConfigResource", new()
{
DataAccessConfig =
{
{ "string", "any" },
},
EnableServerlessCompute = false,
InstanceProfileArn = "string",
SecurityPolicy = "string",
SqlConfigParams =
{
{ "string", "any" },
},
});
example, err := databricks.NewSqlGlobalConfig(ctx, "sqlGlobalConfigResource", &databricks.SqlGlobalConfigArgs{
DataAccessConfig: pulumi.Map{
"string": pulumi.Any("any"),
},
EnableServerlessCompute: pulumi.Bool(false),
InstanceProfileArn: pulumi.String("string"),
SecurityPolicy: pulumi.String("string"),
SqlConfigParams: pulumi.Map{
"string": pulumi.Any("any"),
},
})
var sqlGlobalConfigResource = new SqlGlobalConfig("sqlGlobalConfigResource", SqlGlobalConfigArgs.builder()
.dataAccessConfig(Map.of("string", "any"))
.enableServerlessCompute(false)
.instanceProfileArn("string")
.securityPolicy("string")
.sqlConfigParams(Map.of("string", "any"))
.build());
sql_global_config_resource = databricks.SqlGlobalConfig("sqlGlobalConfigResource",
data_access_config={
"string": "any",
},
enable_serverless_compute=False,
instance_profile_arn="string",
security_policy="string",
sql_config_params={
"string": "any",
})
const sqlGlobalConfigResource = new databricks.SqlGlobalConfig("sqlGlobalConfigResource", {
dataAccessConfig: {
string: "any",
},
enableServerlessCompute: false,
instanceProfileArn: "string",
securityPolicy: "string",
sqlConfigParams: {
string: "any",
},
});
type: databricks:SqlGlobalConfig
properties:
dataAccessConfig:
string: any
enableServerlessCompute: false
instanceProfileArn: string
securityPolicy: string
sqlConfigParams:
string: any
SqlGlobalConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SqlGlobalConfig resource accepts the following input properties:
- Data
Access Dictionary<string, object>Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- Enable
Serverless boolCompute - Instance
Profile stringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- Security
Policy string - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- Sql
Config Dictionary<string, object>Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- Data
Access map[string]interface{}Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- Enable
Serverless boolCompute - Instance
Profile stringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- Security
Policy string - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- Sql
Config map[string]interface{}Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data
Access Map<String,Object>Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable
Serverless BooleanCompute - instance
Profile StringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security
Policy String - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql
Config Map<String,Object>Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data
Access {[key: string]: any}Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable
Serverless booleanCompute - instance
Profile stringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security
Policy string - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql
Config {[key: string]: any}Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data_
access_ Mapping[str, Any]config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable_
serverless_ boolcompute - instance_
profile_ strarn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security_
policy str - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql_
config_ Mapping[str, Any]params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data
Access Map<Any>Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable
Serverless BooleanCompute - instance
Profile StringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security
Policy String - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql
Config Map<Any>Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
Outputs
All input properties are implicitly available as output properties. Additionally, the SqlGlobalConfig resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SqlGlobalConfig Resource
Get an existing SqlGlobalConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SqlGlobalConfigState, opts?: CustomResourceOptions): SqlGlobalConfig@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
data_access_config: Optional[Mapping[str, Any]] = None,
enable_serverless_compute: Optional[bool] = None,
instance_profile_arn: Optional[str] = None,
security_policy: Optional[str] = None,
sql_config_params: Optional[Mapping[str, Any]] = None) -> SqlGlobalConfigfunc GetSqlGlobalConfig(ctx *Context, name string, id IDInput, state *SqlGlobalConfigState, opts ...ResourceOption) (*SqlGlobalConfig, error)public static SqlGlobalConfig Get(string name, Input<string> id, SqlGlobalConfigState? state, CustomResourceOptions? opts = null)public static SqlGlobalConfig get(String name, Output<String> id, SqlGlobalConfigState state, CustomResourceOptions options)resources: _: type: databricks:SqlGlobalConfig get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Data
Access Dictionary<string, object>Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- Enable
Serverless boolCompute - Instance
Profile stringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- Security
Policy string - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- Sql
Config Dictionary<string, object>Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- Data
Access map[string]interface{}Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- Enable
Serverless boolCompute - Instance
Profile stringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- Security
Policy string - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- Sql
Config map[string]interface{}Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data
Access Map<String,Object>Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable
Serverless BooleanCompute - instance
Profile StringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security
Policy String - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql
Config Map<String,Object>Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data
Access {[key: string]: any}Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable
Serverless booleanCompute - instance
Profile stringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security
Policy string - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql
Config {[key: string]: any}Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data_
access_ Mapping[str, Any]config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable_
serverless_ boolcompute - instance_
profile_ strarn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security_
policy str - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql_
config_ Mapping[str, Any]params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
- data
Access Map<Any>Config - data access configuration for databricks_sql_endpoint, such as configuration for an external Hive metastore, Hadoop Filesystem configuration, etc. Please note that the list of supported configuration properties is limited, so refer to the documentation for a full list. Apply will fail if you're specifying not permitted configuration.
- enable
Serverless BooleanCompute - instance
Profile StringArn - databricks.InstanceProfile used to access storage from databricks_sql_endpoint. Please note that this parameter is only for AWS, and will generate an error if used on other clouds.
- security
Policy String - The policy for controlling access to datasets. Default value:
DATA_ACCESS_CONTROL, consult documentation for list of possible values
- The policy for controlling access to datasets. Default value:
- sql
Config Map<Any>Params - SQL Configuration Parameters let you override the default behavior for all sessions with all endpoints.
Import
You can import a databricks_sql_global_config resource with command like the following (you need to use global as ID)bash
$ pulumi import databricks:index/sqlGlobalConfig:SqlGlobalConfig this global
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.
Viewing docs for Databricks v0.4.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
