cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

PERMISSION_DENIED: User is not an owner of Table/Schema

bean
New Contributor

Hi,

We have recently added a service principal for running and managing all of our jobs. The service principal has ALL PRIVILEGES to our catalogs/schemas/and table. But we're still seeing the error message `PERMISSION_DENIED: User is not an owner of Table/Schema` popping up.

For example, running: 

ALTER TABLE current_name RENAME TO new_name;

Results in:

com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User is not an owner of Table current_name

 Even though the service principal indicated in the `run_as` user of the job has ALL PRIVILEGES to the catalog/schema/ and table. The only way we managed to fix the issue was to change the owner of the table to be the new service principal.

Is that an expected behavior? I though `modify` permission is enough for altering a table.

1 ACCEPTED SOLUTION

Accepted Solutions

-werners-
Esteemed Contributor III

no that is not enough.  depending on the operation you want to do you also need ownership.

See here also:
Permissions on Unity Catalog Table Constraints - Databricks Community - 59569

View solution in original post

3 REPLIES 3

-werners-
Esteemed Contributor III

no that is not enough.  depending on the operation you want to do you also need ownership.

See here also:
Permissions on Unity Catalog Table Constraints - Databricks Community - 59569

bean
New Contributor

Thanks so much for your reply. This makes sense. I wish the alter table documentation https://docs.databricks.com/en/sql/language-manual/sql-ref-syntax-ddl-alter-table.html would have mentioned this explicitly. Because in the Syntax section, it specifies  `Alter table {table_name} rename to {new_name}` as a valid syntax but it does not mention that such operations can only be performed by the owner.

Is there somewhere to request documentation updates (beside from the email option via the Feedback button)? 

-werners-
Esteemed Contributor III

I think the feedback button is the right place. At least I don't know of another way.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group