cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cannot read from view if no access to underlying table

tomph
New Contributor II

‎07-23-2024 02:46 AM

Hi,

I created a view my_view in a schema project_schema in Unity catalog catalog_dev that is a select * from a table my_table in my common_schema in the same catalog.

I gave a service principal full grants on the project_schema. It is a owner of the schema and has full privileges on it. But when it tries to select from catalog_dev.project_schema.my_view (from a job cluster with Unity Catalog enabled) it gets the following exception:

Insufficient privileges: User does not have SELECT on Table 'catalog_dev.common_schema.my_table'.

It was my understanding that users do not need read access on all underlying tables in the view definition. What could be the issue?

Thank you,

Tommaso

0 Kudos
3 REPLIES 3

daniel_sahal
Esteemed Contributor

‎07-23-2024 03:56 AM

@tomph 
That's how views work in the most of the engines.
You need to grant the permissions to the underlying tables.

tomph
New Contributor II
In response to daniel_sahal

‎07-25-2024 02:36 AM

FYI this is not true. In serverless mode or with Shared clusters you can give access to the view without giving access to the underlying table. The problem arises with Single User clusters.

Does anyone know a workaround? Shared clusters have a lot of limitations

0 Kudos

daniel_sahal
Esteemed Contributor
In response to tomph

‎07-25-2024 10:42 PM

@tomph 

Yup, you're correct. I've check the documentation once more and it clearly statest that:

For single-user compute resources on Databricks Runtime 15.4 and above, shared compute resources, and SQL warehouses, you need SELECT on the view itself, USE CATALOG on its parent catalog, and USE SCHEMA on its parent schema.
For single-user compute resources on Databricks Runtime 15.3 and below, you must also have SELECT on all tables and views that the view references, in addition to USE CATALOG on their parent catalogs and USE SCHEMA on their parent schemas.

This was introduced in DBR 15.4 LTS (that was released this week). Switching to that DBR should workaround your issue.
https://docs.databricks.com/en/release-notes/runtime/15.4lts.html#single-user-compute-supports-fine-...

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements