Databricks Community

Henrik · ‎06-03-2024

Is there any way where I can see what access a group or a user have been given to objects (Tables, views, catalogs etc.)?

I noticed that we have the following information_schema tables:

catalog_privileges
routine_privileges
table_privileges
schema_privileges
volume_privileges

All very helpfull, but i'm missing an overview for what views a group or a user can select.

So how do I get this overview of rights for a group or user?

anardinelli · ‎06-03-2024

Hi @Henrik how are you?

To list the groups that can access a view, you can use the system.information_schema.table_privileges system table. Here is a sample query:

SELECT grantee, table_name, privilege_type
FROM system.information_schema.table_privileges
WHERE table_name = "your_view_name";

This query will return the groups (grantee), the table name (table_name), and the type of privilege (privilege_type) they have on the table. Please replace "your_view_name" with the name of your view.

For system tables, access is governed by Unity Catalog (UC), but system tables contain operational data for all assets in the DB account, including those not governed by UC. By default, the Account Admin and Metastore Administrator can read from all system tables.

Hope it helps.

Best,

Alessandro

Henrik · ‎06-03-2024

I there a way to give users that are not account admin nor metastore admin to read all rows from these tables?

anardinelli · ‎06-04-2024

Hi @Henrik

To grant a user the privilege to query system tables, a metastore admin or another privileged user must grant USE and SELECT permissions on the system schemas.

GRANT USAGE ON CATALOG  system TO <user_name>;
GRANT USAGE ON SCHEMA information_schema TO <user_name>;
GRANT SELECT ON TABLE <table_name> TO <user_name>;