cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

access to event_log TVF

giladba
New Contributor III

‎08-28-2023 06:08 AM

Hi, 

According to the documentation:

https://docs.databricks.com/en/delta-live-tables/observability.html

"The event_log TVF can be called only by the pipeline owner and a view created over the event_log TVF can be queried only by the pipeline owner. The view cannot be shared with other users."

Can you suggest a workaround?

After searching there is another documentation that says"
https://learn.microsoft.com/en-us/azure/databricks/sql/language-manual/functions/event_log
"Only owners of the pipeline, streaming table, or materialized view can view the event log. Create a view and grant users access on the view to allow other users to query the event log."

> CREATE VIEW event_log_raw AS SELECT * FROM event_log(table(my_mv));
> GRANT SELECT ON VIEW event_log_raw TO `user@databricks.com`;

After granting users access on the view I created,  the user still can't access the view I created.

Would appreciate your help!

Thanks

10 REPLIES 10

Atanu
Esteemed Contributor
Esteemed Contributor

‎08-28-2023 07:44 AM

@giladba What is the error the user is getting after granting the permission?

0 Kudos

giladba
New Contributor III
In response to Atanu

‎08-28-2023 07:47 AM

com.databricks.backend.common.rpc.SparkDriverExceptions$SQLExecutionException: com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User does not have permission to access event logs of pipeline 'pipelineid'

0 Kudos

Kaniz_Fatma
Community Manager
Community Manager
In response to giladba

‎08-29-2023 03:41 AM - edited ‎08-29-2023 09:46 AM

Hi @giladbaThe error message "com.databricks.backend.common.rpc.SparkDriverExceptions$SQLExecutionException: com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User does not have permission to access event logs of pipeline '_pipelineid_'"  indicates that the user does not have the necessary permissions to access the event logs of the specified pipeline. This could be due to the user not having the correct permissions for the securables in the metastore, which can include catalogs, schemas, tables, views, etc.
• The user not being registered in the account console to access the Unity Catalog.
• The user does not have the "SELECT" permission on certain tables.

To resolve this issue, you can validate if the user/service principal has the proper permission to access the event logs of the pipeline.
• Verify if the user is registered in the account console. If not, register the user.
• Check if the user has "SELECT" permission on the necessary tables. If not, grant the required permissions using the GRANT SELECT ON <table_name> TO <username> command.

0 Kudos

giladba
New Contributor III
In response to Kaniz_Fatma

‎08-29-2023 04:17 AM

Thanks. The user is part of a group that has select on the relevant view and all the parent permissions needed for the Unity Catalog.

0 Kudos

neha_ayodhya
New Contributor II

‎02-23-2024 03:29 AM

Hi,
I am also facing the same issue, even after following all the steps mentioned, I am not able to query the event logs.
any help will be greatly appreciated.

0 Kudos

hcjp
New Contributor III

‎05-22-2024 07:00 AM - edited ‎05-22-2024 01:37 PM

Hello,

@Kaniz_Fatma We are using Databricks on Azure but I suspect this issue impacts all cloud providers.  Essentially, the event_log Table Value Function is only allowing Pipeline Owner to view logs and this is too restrictive.  Despite documentation that states the owner can grant SELECT privileges on a view to other users/groups, this functionality does not work (error is unauthorized as documented above): https://learn.microsoft.com/en-us/azure/databricks/sql/language-manual/functions/event_log#usage

The documented approach at the link above likely doesn't work as users would need to also be granted SELECT on the underlying object (Table?).  In our scenario, we have a Service Principal running our DLT pipelines and need our Data Engineers (group) to be able to view (troubleshoot, monitor, etc.) the event_log of these pipelines.

Would you please raise this as a bug (if intended functionality is to allow granting select permissions) or as a new feature as the current capability is too restrictive.

Resolving this issue will unlock a lot of value for the Databricks community as the event_log contains highly valuable information.

Thank you.

larsbbb
New Contributor II

‎06-11-2024 07:52 AM

Is there already a solution for this?

0 Kudos

hcjp
New Contributor III

‎06-13-2024 08:02 AM

As per this documentation, https://learn.microsoft.com/en-us/azure/databricks/delta-live-tables/unity-catalog, the issue here is documented as a current Limitation:

Limitations

The following are limitations when using Unity Catalog with Delta Live Tables:

  • You cannot use the event_log table valued function in a pipeline or query to access the event logs of multiple pipelines. (hcjp: not directly related to this thread but also delivers value when limitation removed)

  • You cannot share a view created over the event_log table valued function with other users. (hcjp: limitation associated with this specific issue)

@Kaniz_Fatma - I think the community ask, or at least those on this thread, is to get some visibility into when these limitations will be removed.  Is this currently on the backlog and, if not, is there some way we can upvote it?

Thank you.

larsbbb
New Contributor II
In response to hcjp

‎06-14-2024 02:24 AM

Thank you for summarizing the issues @hcjp! Looking forward to the reply of @Kaniz_Fatma 

Kaniz_Fatma
Community Manager
Community Manager
In response to larsbbb

2 weeks ago - last edited 2 weeks ago

Hi @larsbbb and @hcjp, You can submit feedback directly to the product team to influence the Databricks product roadmap in the following ways:

  • To quickly submit feedback about your experience with Databricks, fill out the feedback form in your workspace.

  • To interactively contribute to the product roadmap, submit a feature request in the Ideas Portal. You can view, comment, and vote up other users’ requests. You can also monitor the progress of your favorite ideas as the Databricks product team goes through their product planning and development process.

 

To work around this limitation, a few suggestions are provided:

  1. Create a notebook or SQL script that queries the event log and contains the necessary logic to extract the desired information. The pipeline owner can then share this notebook or script with other users, allowing them to run it and access the event log data indirectly.
  2. Explore the possibility of creating a separate table or dataset that contains the relevant event log data, extracted and transformed as needed. The pipeline owner can then grant SELECT access on this table to the desired users, enabling them to directly query the data without accessing the event log directly.
0 Kudos
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!

Announcements