How can I give users permissions to see the objects metadata without access to data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2022 10:34 PM
Only permissions I can see are select and this gives access to data and that is very unwanted. I only want users to see the metadata, like table/view/column names and descriptions/comments and location and such but not to see any data.
- Labels:
-
Column names
-
Permissions
-
Users Permissions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2022 03:04 AM
Hi @Merca Ovnerud , you have 'READ_METADATA' privilege that you can set for a data object.
Example code in SQL: GRANT READ_METADATA ON SCHEMA schema_name TO user/user_group;
Reference link: https://learn.microsoft.com/en-us/azure/databricks/security/access-control/table-acls/object-privile...
Hope it helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2022 03:30 AM
Unfortunately I get error on this grant:
`Value 'READ_METADATA' is not a valid permission`
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2022 09:57 AM
Hi @Merca Ovnerud
You can try in the same method @Geeta Sai Boddu suggested.
Before trying make sure that your cluster has table access control enabled. Only if your cluster is a shared access cluster, it will be enabled by default.
Also someone with admin privileges must enable table access control to your workspace.
Do check out these prerequisites before running that SQL code.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2022 09:59 AM
Enabling Table Access Control for your workspace : https://learn.microsoft.com/en-us/azure/databricks/administration-guide/access-control/table-acl
Enabling Table ACL for cluster : https://learn.microsoft.com/en-us/azure/databricks/security/access-control/table-acls/table-acl#tabl...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2022 10:50 AM
You can refer this as well.
GRANT USAGE ON SCHEMA database TO user
GRANT READ_METADATA ON SCHEMA database TO user
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2022 08:29 PM
@Uma Maheswara Rao Desula , @Geeta Sai Boddu and @S S ,
Thank you for the responses. I have gotten answer from Databricks and it seems this is not possible and this is something that is investigated as a capability.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-19-2023 01:59 PM
Can someone confirm that when using Unity Catalog we cannot restrict a user only for metadata access ?