cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Drop table - permission management

PiotrM
New Contributor III

โ€Ž02-01-2025 12:13 PM

Hello,

I'm trying to wrap my head around the permission management for dropping tables in UC enabled schemas.

According to docs: 

To drop a table you must have the MANAGE privilege on the table, be its owner, or the owner of the schema, catalog, or metastore the table resides in.

So more or less you'd have to had some kind of ownership/management level privilages to do it.

The issue I seem to have with it is as follows - I'd like to give the developers permission to conduct all necessary tasks in the schemas they can access: like table creation/modyfing/droping etc. without them having the ability to grant other users permissions on the schema level. 

The perfect solution that I can envision would be a seperate DROP privilage on either catalog/schema/table level.

What are the best practices to approach this matter?

BR

 

3 REPLIES 3

Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-01-2025 06:18 PM

Hi @PiotrM,

Thanks for your questions. 

Given the current capabilities of Unity Catalog, there is no separate DROP privilege that can be granted independently of the MANAGE privilege. It is best practice to assign access to groups rather than individual users. This simplifies identity management and ensures that permissions are consistently applied. You can create groups for developers and assign the necessary permissions to these groups, however to drop tables you will need manage permission. I will raise a feature request for your use-case.

PiotrM
New Contributor III

โ€Ž02-03-2025 12:39 AM

Hey @Alberto_Umana,

thank you for reaching out. 

Greatly appreciated. Could you please let me know in case there is any response from product team, be it positive or negative?

Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-03-2025 04:40 AM

Hi @PiotrM,

I see there is a feature request already in place. It's been considered for the future: https://databricks.aha.io/ideas/ideas/DB-I-7480

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements