topic πŸ” How Do I Prevent Users from Accidentally Deleting Tables in Unity Catalog? πŸ” in Community Articles https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/121424#M443 <H3><span class="lia-unicode-emoji" title=":question_mark:">❓</span> <STRONG>Question:</STRONG></H3><P>I have a role called dev-dataengineer with the following privileges on the catalog dap_catalog_dev:</P><UL><LI><P>APPLY TAG</P></LI><LI><P>CREATE FUNCTION</P></LI><LI><P>CREATE MATERIALIZED VIEW</P></LI><LI><P>CREATE TABLE</P></LI><LI><P>CREATE VOLUME</P></LI><LI><P>EXECUTE</P></LI><LI><P>READ VOLUME</P></LI><LI><P>REFRESH</P></LI><LI><P>SELECT</P></LI><LI><P>USE SCHEMA</P></LI><LI><P>WRITE VOLUME</P></LI></UL><P>Despite this, users are still able to <STRONG>delete/drop tables</STRONG> within dap_catalog_dev.</P><HR /><H3><span class="lia-unicode-emoji" title=":question_mark:">❓</span><STRONG>Question</STRONG>:</H3><P><STRONG>Why are users still able to delete tables, and how can I restrict this behavior so that table deletion is not allowed?</STRONG></P><P>I want to ensure that users can read and create tables if needed, but not delete them</P><H3><span class="lia-unicode-emoji" title=":white_heavy_check_mark:">βœ…</span> <STRONG>Answer:</STRONG></H3><P>Great question β€” and one that's crucial for <STRONG>data governance and table protection</STRONG> in shared environments!</P><H2><span class="lia-unicode-emoji" title=":prohibited:">🚫</span> Why Users Can Still Delete Tables</H2><P><STRONG>CREATE TABLE on a catalog</STRONG> allows users to create AND drop their own tables, unless further restricted.</P><P><span class="lia-unicode-emoji" title=":locked_with_key:">πŸ”</span> <STRONG>How to Prevent Table Deletion</STRONG></P><P>To prevent accidental or unauthorized table deletion:</P><OL><LI><P><STRONG>Avoid granting DROP, MODIFY, or ALL PRIVILEGES</STRONG> at the catalog or schema level.</P></LI><LI><P><STRONG>Grant CREATE TABLE only at the schema level</STRONG>, not the catalog level β€” this scopes table creation to specific areas.</P></LI><LI><P><STRONG>Restrict OWNERSHIP</STRONG> transfer, as object owners can drop their own tables regardless of other permissions.</P></LI><LI><P><STRONG>Review and manage privileges regularly</STRONG> using SHOW GRANTS.</P></LI></OL><P><STRONG>Fix - That Worked for mea nd eventually for all</STRONG></P><P>Audit all roles (not just dev-dataengineer) and users for:</P><UL><LI><P>DROP, MODIFY, or ALL PRIVILEGES</P></LI><LI><P>CREATE TABLE permissions granted at higher scopes (e.g., catalog)</P></LI></UL><P>You can run something like:</P><PRE>SHOW GRANTS ON SCHEMA dap_catalog_dev;<BR />SHOW GRANTS ON CATALOG dap_catalog_dev;</PRE><P>&nbsp;</P> Wed, 11 Jun 2025 04:14:50 GMT CURIOUS_DE 2025-06-11T04:14:50Z πŸ” How Do I Prevent Users from Accidentally Deleting Tables in Unity Catalog? πŸ” https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/121424#M443 <H3><span class="lia-unicode-emoji" title=":question_mark:">❓</span> <STRONG>Question:</STRONG></H3><P>I have a role called dev-dataengineer with the following privileges on the catalog dap_catalog_dev:</P><UL><LI><P>APPLY TAG</P></LI><LI><P>CREATE FUNCTION</P></LI><LI><P>CREATE MATERIALIZED VIEW</P></LI><LI><P>CREATE TABLE</P></LI><LI><P>CREATE VOLUME</P></LI><LI><P>EXECUTE</P></LI><LI><P>READ VOLUME</P></LI><LI><P>REFRESH</P></LI><LI><P>SELECT</P></LI><LI><P>USE SCHEMA</P></LI><LI><P>WRITE VOLUME</P></LI></UL><P>Despite this, users are still able to <STRONG>delete/drop tables</STRONG> within dap_catalog_dev.</P><HR /><H3><span class="lia-unicode-emoji" title=":question_mark:">❓</span><STRONG>Question</STRONG>:</H3><P><STRONG>Why are users still able to delete tables, and how can I restrict this behavior so that table deletion is not allowed?</STRONG></P><P>I want to ensure that users can read and create tables if needed, but not delete them</P><H3><span class="lia-unicode-emoji" title=":white_heavy_check_mark:">βœ…</span> <STRONG>Answer:</STRONG></H3><P>Great question β€” and one that's crucial for <STRONG>data governance and table protection</STRONG> in shared environments!</P><H2><span class="lia-unicode-emoji" title=":prohibited:">🚫</span> Why Users Can Still Delete Tables</H2><P><STRONG>CREATE TABLE on a catalog</STRONG> allows users to create AND drop their own tables, unless further restricted.</P><P><span class="lia-unicode-emoji" title=":locked_with_key:">πŸ”</span> <STRONG>How to Prevent Table Deletion</STRONG></P><P>To prevent accidental or unauthorized table deletion:</P><OL><LI><P><STRONG>Avoid granting DROP, MODIFY, or ALL PRIVILEGES</STRONG> at the catalog or schema level.</P></LI><LI><P><STRONG>Grant CREATE TABLE only at the schema level</STRONG>, not the catalog level β€” this scopes table creation to specific areas.</P></LI><LI><P><STRONG>Restrict OWNERSHIP</STRONG> transfer, as object owners can drop their own tables regardless of other permissions.</P></LI><LI><P><STRONG>Review and manage privileges regularly</STRONG> using SHOW GRANTS.</P></LI></OL><P><STRONG>Fix - That Worked for mea nd eventually for all</STRONG></P><P>Audit all roles (not just dev-dataengineer) and users for:</P><UL><LI><P>DROP, MODIFY, or ALL PRIVILEGES</P></LI><LI><P>CREATE TABLE permissions granted at higher scopes (e.g., catalog)</P></LI></UL><P>You can run something like:</P><PRE>SHOW GRANTS ON SCHEMA dap_catalog_dev;<BR />SHOW GRANTS ON CATALOG dap_catalog_dev;</PRE><P>&nbsp;</P> Wed, 11 Jun 2025 04:14:50 GMT https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/121424#M443 CURIOUS_DE 2025-06-11T04:14:50Z Re: πŸ” How Do I Prevent Users from Accidentally Deleting Tables in Unity Catalog? πŸ” https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/121697#M447 <P>Thanks for breaking it down so clearly, <a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/96088">@CURIOUS_DE</a>! That’s such a subtle detail. Many overlook it, but it's important to be aware of it.</P> Fri, 13 Jun 2025 09:30:59 GMT https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/121697#M447 Advika 2025-06-13T09:30:59Z Re: πŸ” How Do I Prevent Users from Accidentally Deleting Tables in Unity Catalog? πŸ” https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/123530#M454 <P>Managing assets in UC is always a overhead maintenance. We have this access controls in terraform codes and it is always hard to see what level of access is given to different personas in the org. We are building an audit dashboard for it.</P> Tue, 01 Jul 2025 19:23:23 GMT https://community.databricks.com/t5/community-articles/how-do-i-prevent-users-from-accidentally-deleting-tables-in/m-p/123530#M454 nayan_wylde 2025-07-01T19:23:23Z