cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

access to event_log TVF

giladba
New Contributor III

โ€Ž08-28-2023 06:08 AM

Hi, 

According to the documentation:

https://docs.databricks.com/en/delta-live-tables/observability.html

"The event_log TVF can be called only by the pipeline owner and a view created over the event_log TVF can be queried only by the pipeline owner. The view cannot be shared with other users."

Can you suggest a workaround?

After searching there is another documentation that says"
https://learn.microsoft.com/en-us/azure/databricks/sql/language-manual/functions/event_log
"Only owners of the pipeline, streaming table, or materialized view can view the event log. Create a view and grant users access on the view to allow other users to query the event log."

> CREATE VIEW event_log_raw AS SELECT * FROM event_log(table(my_mv));
> GRANT SELECT ON VIEW event_log_raw TO `user@databricks.com`;

After granting users access on the view I created,  the user still can't access the view I created.

Would appreciate your help!

Thanks

0 Kudos
6 REPLIES 6

Atanu
Esteemed Contributor
Esteemed Contributor

โ€Ž08-28-2023 07:44 AM

@giladba What is the error the user is getting after granting the permission?

0 Kudos

giladba
New Contributor III
In response to Atanu

โ€Ž08-28-2023 07:47 AM

com.databricks.backend.common.rpc.SparkDriverExceptions$SQLExecutionException: com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User does not have permission to access event logs of pipeline 'pipelineid'

0 Kudos

Kaniz
Community Manager
Community Manager
In response to giladba

โ€Ž08-29-2023 03:41 AM - edited โ€Ž08-29-2023 09:46 AM

Hi @giladbaThe error message "com.databricks.backend.common.rpc.SparkDriverExceptions$SQLExecutionException: com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User does not have permission to access event logs of pipeline '_pipelineid_'"  indicates that the user does not have the necessary permissions to access the event logs of the specified pipeline. This could be due to the user not having the correct permissions for the securables in the metastore, which can include catalogs, schemas, tables, views, etc.
โ€ข The user not being registered in the account console to access the Unity Catalog.
โ€ข The user does not have the "SELECT" permission on certain tables.

To resolve this issue, you can validate if the user/service principal has the proper permission to access the event logs of the pipeline.
โ€ข Verify if the user is registered in the account console. If not, register the user.
โ€ข Check if the user has "SELECT" permission on the necessary tables. If not, grant the required permissions using the GRANT SELECT ON <table_name> TO <username> command.

0 Kudos

giladba
New Contributor III
In response to Kaniz

โ€Ž08-29-2023 04:17 AM

Thanks. The user is part of a group that has select on the relevant view and all the parent permissions needed for the Unity Catalog.

0 Kudos

neha_ayodhya
New Contributor II

โ€Ž02-23-2024 03:29 AM

Hi,
I am also facing the same issue, even after following all the steps mentioned, I am not able to query the event logs.
any help will be greatly appreciated.

0 Kudos

hcjp
New Contributor

Wednesday - last edited Wednesday

Hello,

@Kaniz We are using Databricks on Azure but I suspect this issue impacts all cloud providers.  Essentially, the event_log Table Value Function is only allowing Pipeline Owner to view logs and this is too restrictive.  Despite documentation that states the owner can grant SELECT privileges on a view to other users/groups, this functionality does not work (error is unauthorized as documented above): https://learn.microsoft.com/en-us/azure/databricks/sql/language-manual/functions/event_log#usage

The documented approach at the link above likely doesn't work as users would need to also be granted SELECT on the underlying object (Table?).  In our scenario, we have a Service Principal running our DLT pipelines and need our Data Engineers (group) to be able to view (troubleshoot, monitor, etc.) the event_log of these pipelines.

Would you please raise this as a bug (if intended functionality is to allow granting select permissions) or as a new feature as the current capability is too restrictive.

Resolving this issue will unlock a lot of value for the Databricks community as the event_log contains highly valuable information.

Thank you.

Announcements