cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Can't able to run following queries

deficiant_codge
Contributor II

I cannot able to run following queries

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email

ALTER TABLE users ADD ATTRIBUTE pii ON phone

GRANT SELECT ON DATABASE iot_data

HAVING ATTRIBUTE NOT IN (pii)

TO product_managers

and

GRANT SELECT ON iot_events TO engineers

GRANT SELECT(date, country) ON iot_events TO marketing

Anything i am missing?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @karthik p​ and @Rahul Mishra​ , Can you please raise a support ticket?

View solution in original post

10 REPLIES 10

karthik_p
Esteemed Contributor

@Rahul Mishra​ I have tried above and did not work for me, but you can create view and try below queries to mask your columns or row Create views | Databricks on AWS

View part also worked for me but i want to control the grant part and don't wanna create view

Thing is create view is not a unique feature of unity catalog but this grant part is actually is so i wanna implement that

karthik_p
Esteemed Contributor

@Kaniz Fatma​ can anyone from data Bircks help on why attribute-based access control function is not working in unity catalog @Rahul Mishra​ 

below commands

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email

ALTER TABLE users ADD ATTRIBUTE pii ON phone

GRANT SELECT ON DATABASE iot_data

HAVING ATTRIBUTE NOT IN (pii)

TO product_managers

Hi @karthik p​ and @Rahul Mishra​ , Can you please raise a support ticket?

@Kaniz Fatma​  even the support page is not working it's redirecting me again and again to the same page

Hi @Rahul Mishra​, Can you please share the screenshot here?

Hi @Kaniz Fatma​, I am getting below error while creating ATTRIBUTE-

%sql

CREATE ATTRIBUTE pii;

Output:

ParseException: 

[PARSE_SYNTAX_ERROR] Syntax error at or near 'ATTRIBUTE'(line 1, pos 7)

== SQL ==

CREATE ATTRIBUTE pii

-------^^^

Hi @Sumit Burnwal​, The SQL syntax you provided is incorrect.

The keyword "ATTRIBUTE" is not valid in this context.

In SQL, you can create attributes as part of a table definition by specifying the attribute name and its data type. Here's an example:

 
CREATE TABLE your_table_name ( pii varchar(255) );

This statement creates a table named "your_table_name" with a single attribute called "pii" of type "varchar" with a maximum length of 255 characters.

Please note that the data type and length may vary depending on your specific use case.

Hi @Kaniz Fatma​ , Thank you for your response.

Are you saying that "attribute" is nothing but a column name in a table?

I was under impression that attribute is like a tag which we should create before using it against a table's column(s). Sharing my reference below -

https://blog.cellenza.com/en/data/row-and-column-level-security-with-databricks/

https://www.databricks.com/blog/2021/05/26/introducing-databricks-unity-catalog-fine-grained-governa...

In either way, I am confused. I have tried to execute below command as per above databricks documentation, hoping it will create attribute, but its failing. Can you pls give an example how can we create a PII tag/attribute on a set of columns in databricks table?

[In below c_phone is a column containing sensitive data in customers table]

SQL> ALTER TABLE customers ADD ATTRIBUTE pii ON c_phone

Output:

ParseException:

[PARSE_SYNTAX_ERROR] Syntax error at or near 'ATTRIBUTE'(line 1, pos 48)

== SQL ==

ALTER TABLE iotsamples.tpch.customer_events ADD ATTRIBUTE pii ON c_phone

------------------------------------------------^^^

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!