[FEATURE] Make metastore_admin role assignable via terraform

[EMayneKT]

Use-cases

We now use the auto-generated unity-catalog metastores but are unable to grant privileges on the system catalog or system schemas due to the following errors:
Error: cannot create grant: User does not have MANAGE on Catalog 'system'.
Error: cannot create grant: User does not have MANAGE on Schema 'system.billing'.

We can assign the metastore admin role via the Databricks console but this is an additional manual step in our deployment which we're trying to automate as far as possible.

Attempted Solutions

• Importing metastore as a databricks_metastore resource to alter the owner but terraform 1.5.x doesn't support dynamic import blocks and the metastore ID must be passed in as a string literal.

• Granting additional permissions to the terraform service principal but there are some not listed for the metastore admin role in the documentation.

• Looked for metastore admin role for assignment (as account admin is assignable) but it doesn't exist.

Proposal

Could the metastore_admin role be made assignable in the same way the account_admin role is?

[alexott]

"Metastore admin" in UI is just an owner of the metastore. Consider changing the owner to a group and adding your SP into that group.

Most probably it will be solved by #4321.

[EMayneKT]

Thanks @alexott ! #4321 certainly looks like it would solve the problem if it supports changes to metastore ownership.