cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Drop table - permission management

PiotrM
New Contributor III

โ€Ž02-01-2025 12:13 PM

Hello,

I'm trying to wrap my head around the permission management for dropping tables in UC enabled schemas.

According to docs: 

To drop a table you must have the MANAGE privilege on the table, be its owner, or the owner of the schema, catalog, or metastore the table resides in.

So more or less you'd have to had some kind of ownership/management level privilages to do it.

The issue I seem to have with it is as follows - I'd like to give the developers permission to conduct all necessary tasks in the schemas they can access: like table creation/modyfing/droping etc. without them having the ability to grant other users permissions on the schema level. 

The perfect solution that I can envision would be a seperate DROP privilage on either catalog/schema/table level.

What are the best practices to approach this matter?

BR

 

4 REPLIES 4

Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-01-2025 06:18 PM

Hi @PiotrM,

Thanks for your questions. 

Given the current capabilities of Unity Catalog, there is no separate DROP privilege that can be granted independently of the MANAGE privilege. It is best practice to assign access to groups rather than individual users. This simplifies identity management and ensures that permissions are consistently applied. You can create groups for developers and assign the necessary permissions to these groups, however to drop tables you will need manage permission. I will raise a feature request for your use-case.

PiotrM
New Contributor III

โ€Ž02-03-2025 12:39 AM

Hey @Alberto_Umana,

thank you for reaching out. 

Greatly appreciated. Could you please let me know in case there is any response from product team, be it positive or negative?

Alberto_Umana
Databricks Employee
Databricks Employee

โ€Ž02-03-2025 04:40 AM

Hi @PiotrM,

I see there is a feature request already in place. It's been considered for the future: https://databricks.aha.io/ideas/ideas/DB-I-7480

0 Kudos

pablo_paez
New Contributor II
In response to Alberto_Umana

โ€Ž06-09-2025 02:32 PM

It will be nice to have this feature, I really want  to manage separetly the permission to add or edit records and the preivlegue to delete records. Nowdays are all in the same box

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements