https://community.databricks.com/t5/data-engineering/is-there-anyway-to-execute-grant-and-revoke-statements-to-a-user/m-p/10451#M5626 <P>Hi, GRANT and REVOKE are <A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html?&amp;_ga=2.193434603.799059143.1675584833-925182843.1674505910#privilege-types" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html?&amp;_ga=2.193434603.799059143.1675584833-925182843.1674505910#privilege-types" target="_blank">privilege</A>s&nbsp;on an&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" target="_blank">securable object</A>&nbsp;to a&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-principal.html" alt="https://docs.databricks.com/sql/language-manual/sql-ref-principal.html" target="_blank">principal</A>. And a principal is a user, service principal, or group known to the metastore. Principals can be granted&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#privilege-types" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#privilege-types" target="_blank">privileges</A>&nbsp;and may own&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" target="_blank">securable objects</A>.</P><P>Also, you can use&nbsp;<A href="https://docs.databricks.com/sql/language-manual/security-revoke-share.html" alt="https://docs.databricks.com/sql/language-manual/security-revoke-share.html" target="_blank">REVOKE ON SHARE</A>&nbsp;to revoke access on&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" target="_blank">shares</A>&nbsp;from&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" target="_blank">recipients</A> and you can use&nbsp;<A href="https://docs.databricks.com/sql/language-manual/security-grant-share.html" alt="https://docs.databricks.com/sql/language-manual/security-grant-share.html" target="_blank">GRANT ON SHARE</A>&nbsp;to grant&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" target="_blank">recipients</A>&nbsp;access to&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" target="_blank">shares</A>.</P><P>Please refer: <A href="https://docs.databricks.com/sql/language-manual/security-grant.html" alt="https://docs.databricks.com/sql/language-manual/security-grant.html" target="_blank">https://docs.databricks.com/sql/language-manual/security-grant.html</A></P><P><A href="https://docs.databricks.com/sql/language-manual/security-revoke.html" alt="https://docs.databricks.com/sql/language-manual/security-revoke.html" target="_blank">https://docs.databricks.com/sql/language-manual/security-revoke.html</A></P> Sun, 05 Feb 2023 13:12:53 GMT Debayan 2023-02-05T13:12:53Z https://community.databricks.com/t5/data-engineering/is-there-anyway-to-execute-grant-and-revoke-statements-to-a-user/m-p/10450#M5625 <P>SELECT if((select count(*) from information_schema.table_privileges where grantee = 'samo@test.com' and table_schema='demo_schema' and table_catalog='demo_catalog')==1, (select count(*) from demo_catalog.demo_schema.demo_table), (select count(*) from demo_catalog.demo_schema.demo_table2));</P><P></P><P>The above query is working and I'm getting the result. </P><P></P><P>But what I'm trying to achieve is that,</P><P> if </P><P>select count(*) from information_schema.table_privileges where grantee = 'samo@test.com' and table_schema='demo_schema' and table_catalog='demo_catalog')==1</P><P>If the above condition is true , then I want to run the below subqueries altogether:</P><P>revoke select on table demo_catalog.demo_schema.demo_table from `samo@test.com`;revoke usage on catalog demo_catalog from `samo@test.com`;revoke usage on schema demo_catalog.demo_schema from `samo@test.com`;</P><P></P><P>Basically, for a user, if there is access to only one table, then I want to revoke the access from table, schema and catalog.</P><P></P><P>Is it possible to achieve this, if yes, How to achieve it?</P> Tue, 31 Jan 2023 09:48:01 GMT https://community.databricks.com/t5/data-engineering/is-there-anyway-to-execute-grant-and-revoke-statements-to-a-user/m-p/10450#M5625 data_explorer 2023-01-31T09:48:01Z https://community.databricks.com/t5/data-engineering/is-there-anyway-to-execute-grant-and-revoke-statements-to-a-user/m-p/10451#M5626 <P>Hi, GRANT and REVOKE are <A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html?&amp;_ga=2.193434603.799059143.1675584833-925182843.1674505910#privilege-types" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html?&amp;_ga=2.193434603.799059143.1675584833-925182843.1674505910#privilege-types" target="_blank">privilege</A>s&nbsp;on an&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" target="_blank">securable object</A>&nbsp;to a&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-principal.html" alt="https://docs.databricks.com/sql/language-manual/sql-ref-principal.html" target="_blank">principal</A>. And a principal is a user, service principal, or group known to the metastore. Principals can be granted&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#privilege-types" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#privilege-types" target="_blank">privileges</A>&nbsp;and may own&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" alt="https://docs.databricks.com/sql/language-manual/sql-ref-privileges.html#securable-objects" target="_blank">securable objects</A>.</P><P>Also, you can use&nbsp;<A href="https://docs.databricks.com/sql/language-manual/security-revoke-share.html" alt="https://docs.databricks.com/sql/language-manual/security-revoke-share.html" target="_blank">REVOKE ON SHARE</A>&nbsp;to revoke access on&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" target="_blank">shares</A>&nbsp;from&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" target="_blank">recipients</A> and you can use&nbsp;<A href="https://docs.databricks.com/sql/language-manual/security-grant-share.html" alt="https://docs.databricks.com/sql/language-manual/security-grant-share.html" target="_blank">GRANT ON SHARE</A>&nbsp;to grant&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#recipients" target="_blank">recipients</A>&nbsp;access to&nbsp;<A href="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" alt="https://docs.databricks.com/sql/language-manual/sql-ref-sharing.html#shares" target="_blank">shares</A>.</P><P>Please refer: <A href="https://docs.databricks.com/sql/language-manual/security-grant.html" alt="https://docs.databricks.com/sql/language-manual/security-grant.html" target="_blank">https://docs.databricks.com/sql/language-manual/security-grant.html</A></P><P><A href="https://docs.databricks.com/sql/language-manual/security-revoke.html" alt="https://docs.databricks.com/sql/language-manual/security-revoke.html" target="_blank">https://docs.databricks.com/sql/language-manual/security-revoke.html</A></P> Sun, 05 Feb 2023 13:12:53 GMT https://community.databricks.com/t5/data-engineering/is-there-anyway-to-execute-grant-and-revoke-statements-to-a-user/m-p/10451#M5626 Debayan 2023-02-05T13:12:53Z