cancel
Showing results for 
Search instead for 
Did you mean: 
Community Platform Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.
cancel
Showing results for 
Search instead for 
Did you mean: 

Permissions on Unity Catalog Table Constraints

RobsonNLPT
Contributor

Hi all.

I've used new options to add constraints to UC tables

Even granting permissions to an user (ALL PRIVILEGES) on particular schema we have errors when trying to add PKs. The message doesn't make sense (PERMISSION_DENIED: User is not an owner of Table).The only option to solve this issue is granting ownership on tables he is working.I was expecting ALL PRIVILEGES to cover all DDL operations. Is this an issue on this public preview?

Best

Robson

 

 

 

3 REPLIES 3

saikumar246
Contributor II

Hi, @RobsonNLPT Thank you for bringing your concern here.

I understand that you are granting (ALL PRIVILEGES) on a particular schema to the user and while that user is trying to add the Primary Key, getting (PERMISSION_DENIED: User is not an owner of Table). It is expected, because in Databricks altering the table, deleting the table or adding the PKs(any alter operations on the table) should need owner privilege on the table. Please see the below link for your reference regarding adding PKs.

https://docs.databricks.com/en/machine-learning/feature-store/uc/feature-tables-uc.html#:~:text=Only...

In Databricks, granting ALL PRIVILEGES on the object means you are granting the below permissions that do not include all the DDL operations.

saikumar246_0-1707745880381.png

You can follow this link to understand more about the General Unity Catalog privilege types in the Databricks:- https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/privileges.html#gener...

Please leave a like if this answers your question, follow-ups are appreciated.

Regards,

Sai Kumar

dmart
New Contributor III

So how does one grant these permissions to non-owners?

ATN
New Contributor II

I think the easiest way would be for a workspace admin to create a identity and access group and add the users and service principals who needs to run DDL operations to that group. Ownership of tables could then be transfered to this group.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group