https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71630#M7376 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/85354">@Henrik</a>&nbsp;</P> <P>To grant a user the privilege to query system tables, a metastore admin or another privileged user must grant USE and SELECT permissions on the system schemas.</P> <P>&nbsp;</P> <LI-CODE lang="markup">GRANT USAGE ON CATALOG system TO &lt;user_name&gt;; GRANT USAGE ON SCHEMA information_schema TO &lt;user_name&gt;; GRANT SELECT ON TABLE &lt;table_name&gt; TO &lt;user_name&gt;;</LI-CODE> <P>&nbsp;</P> <P>Include &lt;user_name&gt; in backticks ``</P> <P>&nbsp;Please note that these commands should be executed by a metastore admin or another privileged user.</P> <P>Let me know if it helps,</P> <P>Best,</P> <P>Alessandro</P> Tue, 04 Jun 2024 15:24:58 GMT anardinelli 2024-06-04T15:24:58Z https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71475#M7373 <P>Is there any way where I can see what access a group or a user have been given to objects (Tables, views, catalogs etc.)?</P><P>I noticed that we have the following information_schema tables:</P><DIV><UL><LI><DIV><DIV><SPAN>catalog_privileges</SPAN></DIV></DIV></LI><LI><DIV><DIV><SPAN>routine_privileges</SPAN></DIV></DIV></LI><LI><DIV><DIV><SPAN>table_privileges</SPAN></DIV></DIV></LI><LI><DIV><DIV><SPAN>schema_privileges</SPAN></DIV></DIV></LI><LI><DIV><DIV><SPAN>volume_privileges</SPAN></DIV></DIV></LI></UL></DIV><P>All very helpfull, but i'm missing an overview for what <STRONG>views</STRONG> a group or a user can select.</P><P>So how do I get this overview of rights for a group or user?</P> Mon, 03 Jun 2024 12:52:31 GMT https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71475#M7373 Henrik 2024-06-03T12:52:31Z https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71484#M7374 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/85354">@Henrik</a>&nbsp;how are you?</P> <P>To list the groups that can access a view, you can use the system.information_schema.table_privileges system table. Here is a sample query:</P> <LI-CODE lang="markup">SELECT grantee, table_name, privilege_type FROM system.information_schema.table_privileges WHERE table_name = "your_view_name";</LI-CODE> <P>This query will return the groups (grantee), the table name (table_name), and the type of privilege (privilege_type) they have on the table. Please replace "your_view_name" with the name of your view.</P> <P>For system tables, access is governed by Unity Catalog (UC), but system tables contain operational data for all assets in the DB account, including those not governed by UC. By default, the Account Admin and Metastore Administrator can read from all system tables.</P> <P>Hope it helps.</P> <P>Best,</P> <P>Alessandro</P> <P>&nbsp;</P> Mon, 03 Jun 2024 14:14:18 GMT https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71484#M7374 anardinelli 2024-06-03T14:14:18Z https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71558#M7375 <P>I there a way to give users that are not account admin nor metastore admin to read all rows from these tables?</P> Tue, 04 Jun 2024 06:02:32 GMT https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71558#M7375 Henrik 2024-06-04T06:02:32Z https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71630#M7376 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/85354">@Henrik</a>&nbsp;</P> <P>To grant a user the privilege to query system tables, a metastore admin or another privileged user must grant USE and SELECT permissions on the system schemas.</P> <P>&nbsp;</P> <LI-CODE lang="markup">GRANT USAGE ON CATALOG system TO &lt;user_name&gt;; GRANT USAGE ON SCHEMA information_schema TO &lt;user_name&gt;; GRANT SELECT ON TABLE &lt;table_name&gt; TO &lt;user_name&gt;;</LI-CODE> <P>&nbsp;</P> <P>Include &lt;user_name&gt; in backticks ``</P> <P>&nbsp;Please note that these commands should be executed by a metastore admin or another privileged user.</P> <P>Let me know if it helps,</P> <P>Best,</P> <P>Alessandro</P> Tue, 04 Jun 2024 15:24:58 GMT https://community.databricks.com/t5/get-started-discussions/list-granted-access-for-a-group-or-a-user/m-p/71630#M7376 anardinelli 2024-06-04T15:24:58Z