cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

PERMISSION_DENIED: User is not an owner of Table/Schema

Go to solution
bean
New Contributor II

โ€Ž09-30-2024 05:44 AM

Hi,

We have recently added a service principal for running and managing all of our jobs. The service principal has ALL PRIVILEGES to our catalogs/schemas/and table. But we're still seeing the error message `PERMISSION_DENIED: User is not an owner of Table/Schema` popping up.

For example, running: 

ALTER TABLE current_name RENAME TO new_name;

Results in:

com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User is not an owner of Table current_name

 Even though the service principal indicated in the `run_as` user of the job has ALL PRIVILEGES to the catalog/schema/ and table. The only way we managed to fix the issue was to change the owner of the table to be the new service principal.

Is that an expected behavior? I though `modify` permission is enough for altering a table.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
-werners-
Esteemed Contributor III

โ€Ž09-30-2024 07:37 AM

no that is not enough.  depending on the operation you want to do you also need ownership.

See here also:
Permissions on Unity Catalog Table Constraints - Databricks Community - 59569

View solution in original post

3 REPLIES 3

Go to solution
-werners-
Esteemed Contributor III

โ€Ž09-30-2024 07:37 AM

no that is not enough.  depending on the operation you want to do you also need ownership.

See here also:
Permissions on Unity Catalog Table Constraints - Databricks Community - 59569

Go to solution
bean
New Contributor II

โ€Ž09-30-2024 12:39 PM

Thanks so much for your reply. This makes sense. I wish the alter table documentation https://docs.databricks.com/en/sql/language-manual/sql-ref-syntax-ddl-alter-table.html would have mentioned this explicitly. Because in the Syntax section, it specifies  `Alter table {table_name} rename to {new_name}` as a valid syntax but it does not mention that such operations can only be performed by the owner.

Is there somewhere to request documentation updates (beside from the email option via the Feedback button)? 

0 Kudos

Go to solution
-werners-
Esteemed Contributor III

โ€Ž10-01-2024 12:36 AM

I think the feedback button is the right place. At least I don't know of another way.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements