From f9bbfc9880eafef83c04dafff37a63a98b56f9bf Mon Sep 17 00:00:00 2001 From: Alex Ott Date: Fri, 28 Oct 2022 13:35:29 +0200 Subject: [PATCH] clarify that `databricks_mws_permission_assignment` should be used for assigning account-level users/groups Raised in #1705 & #1703 --- docs/resources/group.md | 2 ++ docs/resources/service_principal.md | 2 ++ docs/resources/user.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/docs/resources/group.md b/docs/resources/group.md index 3ea544c8f1..0f25ad44ab 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md @@ -5,6 +5,8 @@ subcategory: "Security" This resource allows you to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html), [Databricks Account Console](https://accounts.cloud.databricks.com/) or [Azure Databricks Account Console](https://accounts.azuredatabricks.net). You can also [associate](group_member.md) Databricks users and [service principals](service_principal.md) to groups. This is useful if you are using an application to sync users & groups with SCIM API. +-> **Note** To assign account level groups to workspace use [databricks_mws_permission_assignment](mws_permission_assignment.md). + To create groups in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments Recommended to use along with Identity Provider SCIM provisioning to populate users into those groups: diff --git a/docs/resources/service_principal.md b/docs/resources/service_principal.md index 3159f4d03c..98328495d6 100644 --- a/docs/resources/service_principal.md +++ b/docs/resources/service_principal.md 
@@ -5,6 +5,8 @@ subcategory: "Security" Directly manage [Service Principals](https://docs.databricks.com/administration-guide/users-groups/service-principals.html) that could be added to [databricks_group](group.md) in Databricks workspace or account. +-> **Note** To assign account level service principals to workspace use [databricks_mws_permission_assignment](mws_permission_assignment.md). + To create service principals in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments ## Example Usage diff --git a/docs/resources/user.md b/docs/resources/user.md index b59d697b80..d5f38f0673 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md 
@@ -5,6 +5,8 @@ subcategory: "Security" This resource allows you to manage [users in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/users.html), [Databricks Account Console](https://accounts.cloud.databricks.com/) or [Azure Databricks Account Console](https://accounts.azuredatabricks.net). You can also [associate](group_member.md) Databricks users to [databricks_group](group.md). Upon user creation the user will receive a password reset email. You can also get information about caller identity using [databricks_current_user](../data-sources/current_user.md) data source. +-> **Note** To assign account level users to workspace use [databricks_mws_permission_assignment](mws_permission_assignment.md). + To create users in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments ## Example Usage
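Review bot: In docs/resources/group.md the added note sits above the paragraph that explains account-level configuration (`host = "https://accounts.cloud.databricks.com"` or `host = "https://accounts.azuredatabricks.net"`), so "account level groups" is used before the page has said what makes a group account-level. Consider moving the note below that paragraph so the reader meets the provider requirement first and the assignment step second.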
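Review bot: In docs/resources/service_principal.md the added note does not say when it applies. The sentence just above it covers service principals "in Databricks workspace or account", so a reader using a workspace-level provider cannot tell whether `databricks_mws_permission_assignment` concerns them. Suggest scoping it, for example: "When the service principal is created at the account level, use databricks_mws_permission_assignment to assign it to a workspace."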
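Review bot: In docs/resources/user.md the added line reads "account level users to workspace", while the commit subject spells it "account-level". Suggest "To assign account-level users to a workspace, use ...", and since the same sentence is added to group.md and service_principal.md with only the noun changed, apply the same wording in all three files.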