https://community.databricks.com/t5/data-engineering/automating-ddls-and-privilege-management/m-p/21317#M14517 <P>How do you automate table creation and management of privilege / grants on securable objects (tables, views, etc.).</P><P></P><P>I had idea to use terraform to manage above, but terraform doesn't work with managed tables - it allows to create table but then there are some errors while running `show create table` or `describe table` for example.</P><P></P><P>I have multi-region, multi-tenant environment where I would like to automate process of adding the tables and manage privileges. The schemas across Regions are the same, catalogs might change a bit depends on the region/tenant/customer/</P><P></P><P>My first attempt is:</P><P>1. upload notebook that have statements like:</P><P>DROP and CREATE EXTERNAL TABLES</P><P>CREATE IF NOT EXISTS managed tables.</P><P>Grant privileges on those catalogs, schemas, tables (views in the future, maybe some UDFs and other objects).</P><P>2. Create workflow to execute that notebook above</P><P>workflow can take some params like catalog name, depends on env (dev/stg/prod), and region (eu-west-1, eu-central-1).</P><P></P><P>I am not 100% sure yet about privileges here. Granting access it's we can run over again GRANT ... but Revoking access seems bit problematic, I would need to handle the difference. Check first groups that have access to objects, and if I pass as param different groups then revoke. It's not a problem, I can handle it ,but I would like to know how others are doing this.</P><P></P><P>thanks,</P><P>Pat.</P><P></P><P></P><P></P><P></P> Tue, 22 Nov 2022 08:27:40 GMT Pat 2022-11-22T08:27:40Z https://community.databricks.com/t5/data-engineering/automating-ddls-and-privilege-management/m-p/21317#M14517 <P>How do you automate table creation and management of privilege / grants on securable objects (tables, views, etc.).</P><P></P><P>I had idea to use terraform to manage above, but terraform doesn't work with managed tables - it allows to create table but then there are some errors while running `show create table` or `describe table` for example.</P><P></P><P>I have multi-region, multi-tenant environment where I would like to automate process of adding the tables and manage privileges. The schemas across Regions are the same, catalogs might change a bit depends on the region/tenant/customer/</P><P></P><P>My first attempt is:</P><P>1. upload notebook that have statements like:</P><P>DROP and CREATE EXTERNAL TABLES</P><P>CREATE IF NOT EXISTS managed tables.</P><P>Grant privileges on those catalogs, schemas, tables (views in the future, maybe some UDFs and other objects).</P><P>2. Create workflow to execute that notebook above</P><P>workflow can take some params like catalog name, depends on env (dev/stg/prod), and region (eu-west-1, eu-central-1).</P><P></P><P>I am not 100% sure yet about privileges here. Granting access it's we can run over again GRANT ... but Revoking access seems bit problematic, I would need to handle the difference. Check first groups that have access to objects, and if I pass as param different groups then revoke. It's not a problem, I can handle it ,but I would like to know how others are doing this.</P><P></P><P>thanks,</P><P>Pat.</P><P></P><P></P><P></P><P></P> Tue, 22 Nov 2022 08:27:40 GMT https://community.databricks.com/t5/data-engineering/automating-ddls-and-privilege-management/m-p/21317#M14517 Pat 2022-11-22T08:27:40Z