cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Lakebase branches and permissions to SQL editor

Go to solution
Sega2
New Contributor III

2 weeks ago

Our admin created a project for lakebase branching. My user has "Can manage" permissions. I can create branches etc, however when I run something in the SQL editor i get following error:

"ERROR: permission denied for schema public (SQLSTATE 42501)

CREATE TABLE IF NOT EXISTS playing_with_lakebase(id SERIAL PRIMARY KEY, name TEXT NOT NULL, value REAL)

Any pointers if this is by design? 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Louis_Frolio
Databricks Employee
Databricks Employee

2 weeks ago

Greetings @Sega2 , I did some digging and here is what I found. 

Your screenshot (thanks for sharing, it was helpful) is showing a user running a Postgres CREATE TABLE statement in the Lakebase SQL Editor and hitting this error:

In Lakebase, there are currently two separate permission layers at play.

Databricks project permissions such as CAN USE and CAN MANAGE control access to project resources and UI capabilities, including things like branches, computes, and the SQL Editor itself.

Postgres permissions control what the user can actually do inside the database, such as creating tables in a schema.

So, having CAN MANAGE on the project does not automatically grant CREATE privileges on the public schema. The error shown here is coming from Postgres because the role being used in the SQL Editor does not have the required schema-level privileges.

To resolve it, the project owner or database admin should grant the needed access, for example:

GRANT CONNECT ON DATABASE your_db TO "your_user_or_group";
GRANT USAGE, CREATE ON SCHEMA public TO "your_user_or_group";

Once those grants are in place, the CREATE TABLE statement should run successfully from the Lakebase SQL Editor.

This aligns with how Lakebase is designed today, where project permissions and in-database Postgres permissions are managed separately.

Hope this helps, Louis.

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
Louis_Frolio
Databricks Employee
Databricks Employee

2 weeks ago

Greetings @Sega2 , I did some digging and here is what I found. 

Your screenshot (thanks for sharing, it was helpful) is showing a user running a Postgres CREATE TABLE statement in the Lakebase SQL Editor and hitting this error:

In Lakebase, there are currently two separate permission layers at play.

Databricks project permissions such as CAN USE and CAN MANAGE control access to project resources and UI capabilities, including things like branches, computes, and the SQL Editor itself.

Postgres permissions control what the user can actually do inside the database, such as creating tables in a schema.

So, having CAN MANAGE on the project does not automatically grant CREATE privileges on the public schema. The error shown here is coming from Postgres because the role being used in the SQL Editor does not have the required schema-level privileges.

To resolve it, the project owner or database admin should grant the needed access, for example:

GRANT CONNECT ON DATABASE your_db TO "your_user_or_group";
GRANT USAGE, CREATE ON SCHEMA public TO "your_user_or_group";

Once those grants are in place, the CREATE TABLE statement should run successfully from the Lakebase SQL Editor.

This aligns with how Lakebase is designed today, where project permissions and in-database Postgres permissions are managed separately.

Hope this helps, Louis.

0 Kudos
Announcements