databricks · denik · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
@@ -6,6 +6,7 @@
 
 ### Bundles
 * Added permissions support for Lakebase Database projects ([#4626](https://github.com/databricks/cli/pull/4626))
+* Added CREATE_MODEL_VERSION to a list of acceptable grants values ([#4652](https://github.com/databricks/cli/pull/4652))
 
 ### Dependency updates
 

@@ -0,0 +1,41 @@
+# https://github.com/databricks/cli/issues/3821
+bundle:
+  name: test-bundle-$UNIQUE_NAME
+
+variables:
+  schema_permissions:
+    description: list of permissions to grant users to a schema
+    type: complex
+    default:
+      # Prerequisite
+      # - USE_SCHEMA # Does not give any abilities, but is an additional requirement to perform any action on a schema object
+      # Metadata
+      - APPLY_TAG # Gives ability to apply tags to an object
+      # Read
+      # - EXECUTE # Gives ability to use a function or model
+      # - READ_VOLUME # Gives ability to use a function or model
+      # - SELECT # Gives read access to an object
+      # Edit
+      - MODIFY # Gives ability to add, delete, and modify data to or from an object
+      - REFRESH # Gives ability to refresh a materialized view
+      - WRITE_VOLUME # Gives ability to write to a volume
+      # Create
+      - CREATE_FUNCTION # Gives ability to create a function in a schema
+      - CREATE_MATERIALIZED_VIEW # Gives ability to create a materialized view
+      - CREATE_MODEL # Gives ability to create a new machine learning model
+      - CREATE_MODEL_VERSION # Gives ability to create a model version on an existing machine learning model
+      - CREATE_TABLE # Gives ability to create tables
+      - CREATE_VOLUME # Gives ability to create volumes
+      # Other
+      # - ALL_PRIVILEGES # Gives all privileges (including future ones)
+      # - EXTERNAL_USE_SCHEMA # Gives ability to access objects from external engines
+      - MANAGE # Gives ownership-like ability for the object, such as managing permissions, dropping, or renaming
+
+resources:
+  schemas:
+    bronze_dma_raw:
+      catalog_name: main
+      name: myschema-$UNIQUE_NAME
+      grants:
+       - principal: $CURRENT_USER_NAME
+         privileges: ${var.schema_permissions}
@@ -0,0 +1,60 @@
+
+>>> [CLI] bundle validate
+Name: test-bundle-[UNIQUE_NAME]
+Target: default
+Workspace:
+  User: [USERNAME]
+  Path: /Workspace/Users/[USERNAME]/.bundle/test-bundle-[UNIQUE_NAME]/default
+
+Validation OK!
+
+>>> [CLI] bundle deploy
+Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/test-bundle-[UNIQUE_NAME]/default/files...
+Deploying resources...
+Updating deployment state...
+Deployment complete!
+
+>>> [CLI] grants get schema main.myschema-[UNIQUE_NAME]
+{
+  "privilege_assignments": [
+    {
+      "principal":"[USERNAME]",
+      "privileges": [
+        "APPLY_TAG",
+        "CREATE_FUNCTION",
+        "CREATE_MATERIALIZED_VIEW",
+        "CREATE_MODEL",
+        "CREATE_MODEL_VERSION",
+        "CREATE_TABLE",
+        "CREATE_VOLUME",
+        "MANAGE",
+        "MODIFY",
+        "REFRESH",
+        "WRITE_VOLUME"
+      ]
+    }
+  ]
+}
+
+>>> [CLI] bundle validate
+Warning: invalid value "CREATE_TABLE_INVALID_GRANT" for enum field. Valid values are [ALL_PRIVILEGES APPLY_TAG CREATE_FUNCTION CREATE_MATERIALIZED_VIEW CREATE_MODEL CREATE_MODEL_VERSION CREATE_TABLE CREATE_VOLUME EXECUTE EXTERNAL_USE_SCHEMA MANAGE MODIFY READ_VOLUME REFRESH SELECT USE_SCHEMA WRITE_VOLUME]
+  at resources.schemas.bronze_dma_raw.grants[0].privileges[8]
+  in databricks.yml:27:9
+
+Name: test-bundle-[UNIQUE_NAME]
+Target: default
+Workspace:
+  User: [USERNAME]
+  Path: /Workspace/Users/[USERNAME]/.bundle/test-bundle-[UNIQUE_NAME]/default
+
+Found 1 warning
+
+>>> [CLI] bundle deploy
+Warning: invalid value "CREATE_TABLE_INVALID_GRANT" for enum field. Valid values are [ALL_PRIVILEGES APPLY_TAG CREATE_FUNCTION CREATE_MATERIALIZED_VIEW CREATE_MODEL CREATE_MODEL_VERSION CREATE_TABLE CREATE_VOLUME EXECUTE EXTERNAL_USE_SCHEMA MANAGE MODIFY READ_VOLUME REFRESH SELECT USE_SCHEMA WRITE_VOLUME]
+  at resources.schemas.bronze_dma_raw.grants[0].privileges[8]
+  in databricks.yml:27:9
+
+Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/test-bundle-[UNIQUE_NAME]/default/files...
+Deploying resources...
+Updating deployment state...
+Deployment complete!
@@ -0,0 +1,8 @@
+envsubst < databricks.yml.tmpl > databricks.yml
+trace $CLI bundle validate
+trace $CLI bundle deploy
+trace $CLI grants get schema main.myschema-$UNIQUE_NAME
+
+update_file.py databricks.yml CREATE_TABLE CREATE_TABLE_INVALID_GRANT
+trace $CLI bundle validate 2>&1 | contains.py "Warning"
+trace $CLI bundle deploy > out.deploy_error.$DATABRICKS_BUNDLE_ENGINE.txt
@@ -0,0 +1,2 @@
+Cloud = true
+RecordRequests = false
@@ -22,6 +22,7 @@ const (
 	SchemaGrantPrivilegeCreateFunction         SchemaGrantPrivilege = "CREATE_FUNCTION"
 	SchemaGrantPrivilegeCreateMaterializedView SchemaGrantPrivilege = "CREATE_MATERIALIZED_VIEW"
 	SchemaGrantPrivilegeCreateModel            SchemaGrantPrivilege = "CREATE_MODEL"
+	SchemaGrantPrivilegeCreateModelVersion     SchemaGrantPrivilege = "CREATE_MODEL_VERSION"
 	SchemaGrantPrivilegeCreateTable            SchemaGrantPrivilege = "CREATE_TABLE"
 	SchemaGrantPrivilegeCreateVolume           SchemaGrantPrivilege = "CREATE_VOLUME"
 	SchemaGrantPrivilegeExecute                SchemaGrantPrivilege = "EXECUTE"
@@ -43,6 +44,7 @@ func (SchemaGrantPrivilege) Values() []SchemaGrantPrivilege {
 		SchemaGrantPrivilegeCreateFunction,
 		SchemaGrantPrivilegeCreateMaterializedView,
 		SchemaGrantPrivilegeCreateModel,
+		SchemaGrantPrivilegeCreateModelVersion,
 		SchemaGrantPrivilegeCreateTable,
 		SchemaGrantPrivilegeCreateVolume,
 		SchemaGrantPrivilegeExecute,

@@ -47,6 +47,9 @@ github.com/databricks/cli/bundle/config/resources.App:
   "effective_usage_policy_id":
     "description": |-
       PLACEHOLDER
+  "git_source":
+    "description": |-
+      PLACEHOLDER
   "lifecycle":
     "description": |-
       Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.
@@ -267,6 +270,13 @@ github.com/databricks/cli/bundle/config/resources.DatabaseProjectPermissionLevel
         CAN_USE
       - |-
         CAN_MANAGE
+github.com/databricks/cli/bundle/config/resources.ExternalLocation:
+  "grants":
+    "description": |-
+      PLACEHOLDER
+  "lifecycle":
+    "description": |-
+      PLACEHOLDER
 github.com/databricks/cli/bundle/config/resources.ExternalLocationGrantPrivilege:
   "_":
     "description": |-

@@ -139,6 +139,11 @@
                     "doNotSuggest": true,
                     "x-since-version": "v0.283.0"
                   },
+                  "git_source": {
+                    "description": "Git source configuration for app deployments. Specifies which git reference (branch, tag, or commit)\nto use when deploying the app. Used in conjunction with git_repository to deploy code directly from git.\nThe source_code_path within git_source specifies the relative path to the app code within the repository.",
+                    "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/apps.GitSource",
+                    "x-since-version": "v0.290.0"
+                  },
                   "lifecycle": {
                     "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.",
                     "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle",
@@ -166,7 +171,8 @@
                     "description": "Name of the space this app belongs to.",
                     "$ref": "#/$defs/string",
                     "x-databricks-preview": "PRIVATE",
-                    "doNotSuggest": true
+                    "doNotSuggest": true,
+                    "x-since-version": "v0.290.0"
                   },
                   "usage_policy_id": {
                     "$ref": "#/$defs/string",
@@ -179,7 +185,6 @@
                 },
                 "additionalProperties": false,
                 "required": [
-                  "source_code_path",
                   "name"
                 ]
               },
@@ -1641,7 +1646,8 @@
                     "x-since-version": "v0.287.0"
                   },
                   "group": {
-                    "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/postgres.EndpointGroupSpec"
+                    "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/postgres.EndpointGroupSpec",
+                    "x-since-version": "v0.290.0"
                   },
                   "lifecycle": {
                     "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle",
@@ -1675,10 +1681,12 @@
                 "type": "object",
                 "properties": {
                   "budget_policy_id": {
-                    "$ref": "#/$defs/string"
+                    "$ref": "#/$defs/string",
+                    "x-since-version": "v0.290.0"
                   },
                   "custom_tags": {
-                    "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/postgres.ProjectCustomTag"
+                    "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/postgres.ProjectCustomTag",
+                    "x-since-version": "v0.290.0"
                   },
                   "default_endpoint_settings": {
                     "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/postgres.ProjectDefaultEndpointSettings",
@@ -3082,7 +3090,8 @@
                 "app": {
                   "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/apps.AppResourceApp",
                   "x-databricks-preview": "PRIVATE",
-                  "doNotSuggest": true
+                  "doNotSuggest": true,
+                  "x-since-version": "v0.290.0"
                 },
                 "database": {
                   "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/apps.AppResourceDatabase",
@@ -5290,7 +5299,8 @@
                 "sparse_checkout": {
                   "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/jobs.SparseCheckout",
                   "x-databricks-preview": "PRIVATE",
-                  "doNotSuggest": true
+                  "doNotSuggest": true,
+                  "x-since-version": "v0.290.0"
                 }
               },
               "additionalProperties": false,
@@ -6009,7 +6019,8 @@
               "properties": {
                 "patterns": {
                   "description": "List of patterns to include for sparse checkout.",
-                  "$ref": "#/$defs/slice/string"
+                  "$ref": "#/$defs/slice/string",
+                  "x-since-version": "v0.290.0"
                 }
               },
               "additionalProperties": false
@@ -7527,15 +7538,18 @@
               "properties": {
                 "enable_readable_secondaries": {
                   "description": "Whether to allow read-only connections to read-write endpoints. Only relevant for read-write endpoints where\nsize.max \u003e 1.",
-                  "$ref": "#/$defs/bool"
+                  "$ref": "#/$defs/bool",
+                  "x-since-version": "v0.290.0"
                 },
                 "max": {
                   "description": "The maximum number of computes in the endpoint group. Currently, this must be equal to min. Set to 1 for single\ncompute endpoints, to disable HA. To manually suspend all computes in an endpoint group, set disabled to\ntrue on the EndpointSpec.",
-                  "$ref": "#/$defs/int"
+                  "$ref": "#/$defs/int",
+                  "x-since-version": "v0.290.0"
                 },
                 "min": {
                   "description": "The minimum number of computes in the endpoint group. Currently, this must be equal to max. This must be greater\nthan or equal to 1.",
-                  "$ref": "#/$defs/int"
+                  "$ref": "#/$defs/int",
+                  "x-since-version": "v0.290.0"
                 }
               },
               "additionalProperties": false,
@@ -7569,11 +7583,13 @@
               "properties": {
                 "key": {
                   "description": "The key of the custom tag.",
-                  "$ref": "#/$defs/string"
+                  "$ref": "#/$defs/string",
+                  "x-since-version": "v0.290.0"
                 },
                 "value": {
                   "description": "The value of the custom tag.",
-                  "$ref": "#/$defs/string"
+                  "$ref": "#/$defs/string",
+                  "x-since-version": "v0.290.0"
                 }
               },
               "additionalProperties": false