cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Command restrictions

ElaPG
New Contributor III

โ€Ž01-01-2024 10:48 AM

Is there any possibility to restrict usage of specified commands (like mount/unmount or SQL grant) based on group assignment? I do not want everybody to be able to execute these commands.

0 Kudos
7 REPLIES 7

Wojciech_BUK
Contributor III

โ€Ž01-01-2024 10:06 PM

It is not possible to block running specific commands. 

You rather block it in different way e.g. only onwer of catalog, schema or table can grant privilege to object, so you restrict who can be owner.

If someone creates table , he become table owner ( so he can grant access) , so you can block table creation.

0 Kudos

ElaPG
New Contributor III
In response to Wojciech_BUK

โ€Ž01-02-2024 01:50 AM

Thanks for your reply.

1) Regarding objects, such as tables, I can grant or revoke priviligies to users/groups, right?

2) What about mount/unmount commands? Can I specify who can or cannot execute such commands?

0 Kudos

Wojciech_BUK
Contributor III
In response to ElaPG

โ€Ž01-02-2024 07:12 AM

Hi 
1) Yes, only if you are e.g. Owner of Schema, then you can Manage Grant of this schema and underlying tabes to others
Please check his docs:
https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/ownership.html#owners...

2) Regarding mounts:
I don't think this is possible to restric command itself, if our users will come with valid e.g. Access Key and Storage Account - they will be able to mount the Storage.

I am not sure about below statment but you can check it by yourself:
I think with Unity Catalog enabled cluster with SHARED access mode you won't be able to use or create mounts. If this is correct just grant access to Shared cluster for your end users but please check it before.
Please remember that mounting is not recommended way now as we have External Locations in Unity Catalog 

ElaPG
New Contributor III
In response to Wojciech_BUK

โ€Ž01-02-2024 11:49 AM

Thanks for advice.

I thought that maybe it is possible to create groups with specified permissions (SQL, python) and this way restrict execute command for e.g. mounting.

0 Kudos

Wojciech_BUK
Contributor III

โ€Ž01-02-2024 12:06 PM

If you are ok for users to have only SQL syntax available ( no mounts ) , you can provision SQL warehouse for users , not clusters

0 Kudos

ElaPG
New Contributor III
In response to Wojciech_BUK

โ€Ž01-02-2024 12:11 PM

Unfortunately writing SQL and python code in notebooks is needed.

0 Kudos

Kaniz
Community Manager
Community Manager

โ€Ž01-18-2024 01:30 AM

Thank you for posting your question in our community! We are happy to assist you.

To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?

This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance! 
 

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.