cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Community Platform Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

List granted access for a group or a user

Henrik
New Contributor III

‎06-03-2024 05:52 AM

Is there any way where I can see what access a group or a user have been given to objects (Tables, views, catalogs etc.)?

I noticed that we have the following information_schema tables:

  • catalog_privileges
  • routine_privileges
  • table_privileges
  • schema_privileges
  • volume_privileges

All very helpfull, but i'm missing an overview for what views a group or a user can select.

So how do I get this overview of rights for a group or user?

0 Kudos
3 REPLIES 3

anardinelli
Databricks Employee
Databricks Employee

‎06-03-2024 07:14 AM

Hi @Henrik how are you?

To list the groups that can access a view, you can use the system.information_schema.table_privileges system table. Here is a sample query:

SELECT grantee, table_name, privilege_type
FROM system.information_schema.table_privileges
WHERE table_name = "your_view_name";

This query will return the groups (grantee), the table name (table_name), and the type of privilege (privilege_type) they have on the table. Please replace "your_view_name" with the name of your view.

For system tables, access is governed by Unity Catalog (UC), but system tables contain operational data for all assets in the DB account, including those not governed by UC. By default, the Account Admin and Metastore Administrator can read from all system tables.

Hope it helps.

Best,

Alessandro

 

0 Kudos

Henrik
New Contributor III
In response to anardinelli

‎06-03-2024 11:02 PM

I there a way to give users that are not account admin nor metastore admin to read all rows from these tables?

0 Kudos

anardinelli
Databricks Employee
Databricks Employee

‎06-04-2024 08:24 AM

Hi @Henrik 

To grant a user the privilege to query system tables, a metastore admin or another privileged user must grant USE and SELECT permissions on the system schemas.

 

GRANT USAGE ON CATALOG  system TO <user_name>;
GRANT USAGE ON SCHEMA information_schema TO <user_name>;
GRANT SELECT ON TABLE <table_name> TO <user_name>;

 

Include <user_name> in backticks ``

 Please note that these commands should be executed by a metastore admin or another privileged user.

Let me know if it helps,

Best,

Alessandro

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements