cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can't able to run following queries

deficiant_codge
Contributor II

‎10-19-2022 06:38 AM

I cannot able to run following queries

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email

ALTER TABLE users ADD ATTRIBUTE pii ON phone

GRANT SELECT ON DATABASE iot_data

HAVING ATTRIBUTE NOT IN (pii)

TO product_managers

and

GRANT SELECT ON iot_events TO engineers

GRANT SELECT(date, country) ON iot_events TO marketing

Anything i am missing?

Labels:
7 REPLIES 7

karthik_p
Esteemed Contributor

‎10-19-2022 06:53 AM

@Rahul Mishra​ I have tried above and did not work for me, but you can create view and try below queries to mask your columns or row Create views | Databricks on AWS

deficiant_codge
Contributor II
In response to karthik_p

‎10-19-2022 07:09 AM

View part also worked for me but i want to control the grant part and don't wanna create view

deficiant_codge
Contributor II
In response to karthik_p

‎10-19-2022 07:10 AM

Thing is create view is not a unique feature of unity catalog but this grant part is actually is so i wanna implement that

karthik_p
Esteemed Contributor

‎10-19-2022 07:20 AM

@Kaniz Fatma​ can anyone from data Bircks help on why attribute-based access control function is not working in unity catalog @Rahul Mishra​ 

below commands

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email

ALTER TABLE users ADD ATTRIBUTE pii ON phone

GRANT SELECT ON DATABASE iot_data

HAVING ATTRIBUTE NOT IN (pii)

TO product_managers

deficiant_codge
Contributor II
In response to Retired_mod

‎10-20-2022 03:47 AM

@Kaniz Fatma​  even the support page is not working it's redirecting me again and again to the same page

Sumit_Kumar
New Contributor III
In response to Retired_mod

‎05-11-2023 11:52 AM

Hi @Kaniz Fatma​, I am getting below error while creating ATTRIBUTE-

%sql

CREATE ATTRIBUTE pii;

Output:

ParseException: 

[PARSE_SYNTAX_ERROR] Syntax error at or near 'ATTRIBUTE'(line 1, pos 7)

== SQL ==

CREATE ATTRIBUTE pii

-------^^^

Sumit_Kumar
New Contributor III
In response to Retired_mod

‎05-12-2023 07:28 AM

Hi @Kaniz Fatma​ , Thank you for your response.

Are you saying that "attribute" is nothing but a column name in a table?

I was under impression that attribute is like a tag which we should create before using it against a table's column(s). Sharing my reference below -

https://blog.cellenza.com/en/data/row-and-column-level-security-with-databricks/

https://www.databricks.com/blog/2021/05/26/introducing-databricks-unity-catalog-fine-grained-governa...

In either way, I am confused. I have tried to execute below command as per above databricks documentation, hoping it will create attribute, but its failing. Can you pls give an example how can we create a PII tag/attribute on a set of columns in databricks table?

[In below c_phone is a column containing sensitive data in customers table]

SQL> ALTER TABLE customers ADD ATTRIBUTE pii ON c_phone

Output:

ParseException:

[PARSE_SYNTAX_ERROR] Syntax error at or near 'ATTRIBUTE'(line 1, pos 48)

== SQL ==

ALTER TABLE iotsamples.tpch.customer_events ADD ATTRIBUTE pii ON c_phone

------------------------------------------------^^^

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements