Action not working with Azure SPN via Azure Entra ID/Azure AD. #47

Open
anuthereaper opened this issue Nov 7, 2023 · 1 comment

@anuthereaper

I'm attempting to submit a Databricks job using this action via a GitHub Actions workflow. I got the GitHub workflow running successfully using a personal access token and attempted to update it to use Azure AD instead. First, I created an app registration with a secret and gave it Contributor access to my workspace. I then added the SPN within my workspace and gave it the "Can manage run" permission for the specific Databricks job.
The code I have to do this is below:

```yaml
name: Run pre-merge Databricks tests
on:
  pull_request:
  workflow_dispatch:

env:
  # Replace this value with your workspace instance name.
  DATABRICKS_HOST: https://adb-xxxxxxxxxxxxxxxxxxx.azuredatabricks.net

jobs:
  unit-test-notebook:
    runs-on: ubuntu-latest
    timeout-minutes: 15

    steps:
      - name: Generate AAD Token
        run: |
          # Client-credentials grant against the Azure Databricks resource;
          # 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d is the Azure Databricks application ID,
          # so the resulting token carries it as its audience (aud) claim.
          # --fail makes a 4xx from login.microsoftonline.com abort the step instead of
          # silently yielding the string "null" as the token.
          TOKEN=$(curl --fail -sS -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
            https://login.microsoftonline.com/${{ secrets.AZURE_SP_TENANT_ID }}/oauth2/v2.0/token \
            -d 'client_id=${{ secrets.AZURE_SP_APPLICATION_ID }}' \
            -d 'grant_type=client_credentials' \
            -d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \
            -d 'client_secret=${{ secrets.AZURE_SP_CLIENT_SECRET }}' | jq -r '.access_token')
          # Register the token with the runner's log masker before exporting it, so it
          # is redacted (shown as ***) if any later step echoes it.
          echo "::add-mask::$TOKEN"
          echo "DATABRICKS_TOKEN1=$TOKEN" >> "$GITHUB_ENV"
      - name: Checkout repo
        uses: actions/checkout@v2
      - name: Run test notebook
        uses: databricks/run-notebook@main
        with:
          # 'with:' inputs are not shell-expanded: writing "$DATABRICKS_TOKEN1" here would
          # pass that literal string to the action. Use the env context instead.
          databricks-token: ${{ env.DATABRICKS_TOKEN1 }}
          local-notebook-path: notebooks/run_unit_tests.py
          existing-cluster-id: 1005-025142-oylnzzyy
          git-commit: "${{ github.event.pull_request.head.sha }}"

          # Grant all users view permission on the notebook's results, so that they can
          # see the result of the notebook, if they have related access permissions.
          access-control-list-json: >
            [
              {
                "group_name": "users",
                "permission_level": "CAN_VIEW"
              }
            ]
          run-name: "EDA transforms helper module unit tests"
```

When I run this, the GitHub Action fails with the following error.
Error: {"error_code":"PERMISSION_DENIED","message":"*** does not have View permissions on 83958068369529. Please contact the owner or an administrator for access."}

I am not able to find any information on this error and I can't tell what 83958068369529 relates to.

To dig a bit more, I tried firing the run-now Databricks Jobs API via Postman after getting the bearer token from Azure AD using the AD credentials, and that also worked fine. This tells me that the permissions on the SPN are correct and that there may be some problem with the Databricks GitHub Action itself when using an Azure service principal.

I had raised this question on Stack Overflow but didn't receive any response.
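Added diagnostic for the failure reported above; it is not part of this issue, of the reporter's workflow, or of the databricks/run-notebook action. Two things are worth checking offline before suspecting the action: whether the token the "Generate AAD Token" step obtained is really an Azure Databricks token for the intended service principal (audience claim equal to the Databricks application ID 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d, caller claim equal to the SPN's application ID, an oid claim to map it to the workspace SPN), and what the PERMISSION_DENIED body actually names. The `***` in the quoted message is GitHub Actions redacting a value that matches a repository secret; since the SPN's application ID is stored as `AZURE_SP_APPLICATION_ID`, the masked principal is most likely that ID. The script below decodes the token payload without verifying the signature (a diagnostic, not an authorization check) and parses the error message. The GUIDs, the sample tokens and the `make_sample_token` helper are constructed test data; the claim names `aud`, `appid`, `azp` and `oid` are standard Azure AD access-token claims.

```python
"""Offline checks for an AAD client-credentials token meant for Azure Databricks,
plus a parser for the Databricks PERMISSION_DENIED error body."""
import base64
import json
import re

# Azure Databricks resource (application) ID. The workflow requests scope
# "<this id>/.default", so a correct token carries it as its 'aud' claim.
DATABRICKS_RESOURCE_ID = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"

# Shape of the message quoted in the issue: "<principal> does not have <Perm>
# permissions on <numeric object id>".
ERROR_RE = re.compile(
    r"(?P<principal>\S+) does not have (?P<permission>\w+) permissions on (?P<object_id>\d+)"
)


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token):
    """Return the payload claims of a JWT without verifying its signature.

    Diagnostic only: Databricks validates the signature server-side; the aim
    here is to see which audience and identity the token carries.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_databricks_token(token, expected_app_id=None):
    """Return a list of problems with the token's claims (empty list = looks right)."""
    claims = decode_jwt_claims(token)
    problems = []
    aud = claims.get("aud", "")
    if aud not in (DATABRICKS_RESOURCE_ID, "api://" + DATABRICKS_RESOURCE_ID):
        problems.append(f"aud is {aud!r}; a Databricks token must have aud {DATABRICKS_RESOURCE_ID}")
    # v1 app-only tokens name the caller in 'appid'; v2 tokens use 'azp'.
    caller = claims.get("appid") or claims.get("azp")
    if expected_app_id and caller != expected_app_id:
        problems.append(f"token was issued to app {caller!r}, expected {expected_app_id!r}")
    if "oid" not in claims:
        problems.append("no 'oid' claim: cannot map the token to a workspace service principal")
    return problems


def parse_permission_denied(error_json):
    """Extract principal, permission and object ID from a Databricks PERMISSION_DENIED body."""
    err = json.loads(error_json)
    if err.get("error_code") != "PERMISSION_DENIED":
        return None
    m = ERROR_RE.search(err.get("message", ""))
    if not m:
        return None
    info = m.groupdict()
    # GitHub Actions prints '***' for any log text matching a registered secret,
    # so a principal shown as '***' is most likely the SPN's application ID.
    info["principal_masked"] = info["principal"] == "***"
    return info


def make_sample_token(claims):
    """Build an unsigned JWT with the given claims (constructed test data, not a real token)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed sample data: placeholder GUIDs, not real tenant or app identifiers.
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_OID = "66666666-7777-8888-9999-000000000000"
SAMPLE_GOOD_TOKEN = make_sample_token(
    {"aud": DATABRICKS_RESOURCE_ID, "appid": SAMPLE_APP_ID, "oid": SAMPLE_OID}
)
# Same app, but the token was requested for Microsoft Graph instead of Databricks.
SAMPLE_WRONG_AUD_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "appid": SAMPLE_APP_ID, "oid": SAMPLE_OID}
)
# The error body quoted in the issue.
SAMPLE_ERROR = (
    '{"error_code":"PERMISSION_DENIED","message":"*** does not have View permissions '
    'on 83958068369529. Please contact the owner or an administrator for access."}'
)

if __name__ == "__main__":
    print(check_databricks_token(SAMPLE_GOOD_TOKEN, SAMPLE_APP_ID))       # []
    print(check_databricks_token(SAMPLE_WRONG_AUD_TOKEN, SAMPLE_APP_ID))  # one 'aud' problem
    print(parse_permission_denied(SAMPLE_ERROR))
```

To use it on a real run, paste the value the workflow exported as `DATABRICKS_TOKEN1` into `check_databricks_token` together with the SPN's application ID; the `oid` it prints is the value to look up under the workspace's service principals when checking which identity the error is about.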

@shaneward

shaneward commented Apr 26, 2024

@anuthereaper I experienced a similar error (...does not have View permissions on 0) and was able to resolve via the Databricks admin UI by:

  • granting the Service principal the Service principal: User Role
  • making the Service principal a member of the admins Group

https://learn.microsoft.com/en-au/azure/databricks/administration-guide/users-groups/service-principals#manage-sp-permissions
