cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is there anyway to execute grant and revoke statements to a user for an object based on a condition?

data_explorer
New Contributor II

‎01-31-2023 01:48 AM

SELECT if((select count(*) from information_schema.table_privileges where grantee = 'samo@test.com' and table_schema='demo_schema' and table_catalog='demo_catalog')==1, (select count(*) from demo_catalog.demo_schema.demo_table), (select count(*) from demo_catalog.demo_schema.demo_table2));

The above query is working and I'm getting the result.

But what I'm trying to achieve is that,

if

select count(*) from information_schema.table_privileges where grantee = 'samo@test.com' and table_schema='demo_schema' and table_catalog='demo_catalog')==1

If the above condition is true , then I want to run the below subqueries altogether:

revoke select on table demo_catalog.demo_schema.demo_table from `samo@test.com`;revoke usage on catalog demo_catalog from `samo@test.com`;revoke usage on schema demo_catalog.demo_schema from `samo@test.com`;

Basically, for a user, if there is access to only one table, then I want to revoke the access from table, schema and catalog.

Is it possible to achieve this, if yes, How to achieve it?

Labels:
0 Kudos
1 REPLY 1

Debayan
Databricks Employee
Databricks Employee

‎02-05-2023 05:12 AM

Hi, GRANT and REVOKE are privileges on an securable object to a principal. And a principal is a user, service principal, or group known to the metastore. Principals can be granted privileges and may own securable objects.

Also, you can use REVOKE ON SHARE to revoke access on shares from recipients and you can use GRANT ON SHARE to grant recipients access to shares.

Please refer: https://docs.databricks.com/sql/language-manual/security-grant.html

https://docs.databricks.com/sql/language-manual/security-revoke.html

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements