cancel
Showing results for 
Search instead for 
Did you mean: 
Community Platform Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.
cancel
Showing results for 
Search instead for 
Did you mean: 

List granted access for a group or a user

Henrik
New Contributor III

Is there any way where I can see what access a group or a user have been given to objects (Tables, views, catalogs etc.)?

I noticed that we have the following information_schema tables:

  • catalog_privileges
  • routine_privileges
  • table_privileges
  • schema_privileges
  • volume_privileges

All very helpfull, but i'm missing an overview for what views a group or a user can select.

So how do I get this overview of rights for a group or user?

3 REPLIES 3

anardinelli
Databricks Employee
Databricks Employee

Hi @Henrik how are you?

To list the groups that can access a view, you can use the system.information_schema.table_privileges system table. Here is a sample query:

SELECT grantee, table_name, privilege_type
FROM system.information_schema.table_privileges
WHERE table_name = "your_view_name";

This query will return the groups (grantee), the table name (table_name), and the type of privilege (privilege_type) they have on the table. Please replace "your_view_name" with the name of your view.

For system tables, access is governed by Unity Catalog (UC), but system tables contain operational data for all assets in the DB account, including those not governed by UC. By default, the Account Admin and Metastore Administrator can read from all system tables.

Hope it helps.

Best,

Alessandro

 

Henrik
New Contributor III

I there a way to give users that are not account admin nor metastore admin to read all rows from these tables?

anardinelli
Databricks Employee
Databricks Employee

Hi @Henrik 

To grant a user the privilege to query system tables, a metastore admin or another privileged user must grant USE and SELECT permissions on the system schemas.

 

GRANT USAGE ON CATALOG  system TO <user_name>;
GRANT USAGE ON SCHEMA information_schema TO <user_name>;
GRANT SELECT ON TABLE <table_name> TO <user_name>;

 

Include <user_name> in backticks ``

 Please note that these commands should be executed by a metastore admin or another privileged user.

Let me know if it helps,

Best,

Alessandro

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group