04-09-2025 03:56 PM
Hi all,
I am looking to capture events of permissions assigned on catalogs/schemas/tables/views from the workspace UI; for example, someone gave another user the USE CATALOG permission from the UI.
Is it possible to capture all such events?
Appreciate the mindshare.
04-10-2025 05:52 AM
Hello @noorbasha534!
Yes, it's possible to capture permission-related events made through the Databricks workspace UI using Unity Catalog audit logs. These logs automatically track such actions at the account level. To capture these events, make sure audit logging is enabled for your account and a delivery location is configured.
For more details: Audit Unity Catalog events
04-10-2025 08:11 AM
@Advika can you kindly please let me know the action name that I should filter upon...
04-11-2025 03:27 AM
@noorbasha534, you can use the action_name field to filter specific types of events. For example, to track permission changes, such as grants or revokes on catalogues, schemas, tables, or views, you can filter by updatePermissions. That said, the exact action name depends on the type of event you're trying to track.
04-12-2025 02:00 PM
@Advika Hi Advika, thanks much for your time in replying. We do the same currently. However, please note we as admins give permissions via an automatically generated notebook (permissions come from Git and the CI/CD pipeline generates notebooks). Therefore, our IDs are also appearing in that action's results. One thing we notice for those who give permissions from the UI - the user_agent column contains the browser name like 'Mozilla * Chrome'.
If there is a fool-proof way, request you kindly please investigate and share with us. Highly appreciate as we have controls internally we have to meet. Admins are giving permissions via UI; also, there are so many limitations with current Databricks permissions model - we want developers to be schema owners but do not expect them to give permissions, and owners can give permissions at the moment. We are discussing these with Databricks RSA anyways.
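The filter discussed in this thread, as an added example that is not part of any post above and is not Databricks code: it keeps only `updatePermissions` events and separates those with a browser-style `user_agent` from the rest. The sample rows are constructed, and every key other than `action_name` and `user_agent` (`event_time`, `user`, `securable`) is an assumed, simplified name.

```python
import re

# Browser-style user agents, per the thread's "Mozilla * Chrome" observation.
BROWSER_UA = re.compile(r"Mozilla/.*\b(Chrome|Firefox|Safari|Edg)/", re.I)

# Constructed sample rows. Only action_name and user_agent are named in the
# thread; the other keys and every value here are assumptions.
SAMPLE_ROWS = [
    {"event_time": "2025-04-10T09:12:00Z", "user": "admin1@example.com",
     "action_name": "updatePermissions", "securable": "main.sales",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                   "AppleWebKit/537.36 (KHTML, like Gecko) "
                   "Chrome/135.0.0.0 Safari/537.36"},
    {"event_time": "2025-04-10T09:15:00Z", "user": "admin1@example.com",
     "action_name": "updatePermissions", "securable": "main.hr",
     "user_agent": "constructed-notebook-client/1.0"},
    {"event_time": "2025-04-10T09:20:00Z", "user": "dev7@example.com",
     "action_name": "getTable", "securable": "main.sales.orders",
     "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/135.0.0.0"},
    {"event_time": "2025-04-10T09:30:00Z", "user": "svc-cicd@example.com",
     "action_name": "updatePermissions", "securable": "main.finance",
     "user_agent": None},
]


def classify_grants(rows):
    """Split updatePermissions events into browser-originated and other."""
    result = {"ui": [], "other": []}
    for row in rows:
        if row.get("action_name") != "updatePermissions":
            continue  # reads, logins, etc. are not permission changes
        ua = row.get("user_agent") or ""  # tolerate a missing/NULL value
        bucket = "ui" if BROWSER_UA.search(ua) else "other"
        result[bucket].append(row)
    return result


def ui_grant_report(rows):
    """Sorted (time, user, securable) tuples for browser-originated grants."""
    return sorted((r["event_time"], r["user"], r["securable"])
                  for r in classify_grants(rows)["ui"])


if __name__ == "__main__":
    for line in ui_grant_report(SAMPLE_ROWS):
        print(line)
```

Because `user_agent` is a value reported by the client, this split is a heuristic for reporting rather than an enforcement control.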