
Unable to update view comment via SQL/API unless owner, but column comments work (Unity Catalog)

shadman140
Visitor

I'm working with Databricks Unity Catalog and observing an inconsistent permission behavior for views.

Scenario

  • A view exists that was created by another user

  • I have sufficient privileges on the catalog/schema/view (SELECT, MODIFY, ALL PRIVILEGES)

  • I can:

    • Query the view

    • Add column comments for the view successfully using the SQL editor in the Databricks UI and the /statements API endpoint with a COMMENT ON COLUMN query

    • Update the view comment via Databricks UI

  • But I cannot update the view-level comment via the SQL editor in the Databricks UI or the API

Question

  • Why are views bound by this owner condition while tables work with MODIFY permission only?
  • The documentation says "Comment on column" will only work for owners, but I am able to use it even when I don't own the view?
1 REPLY

stbjelcevic
Databricks Employee

Interesting, for UC, COMMENT ON COLUMN requires MODIFY on a table, and OWNER on a view. If multiple people need to maintain a view, the recommended pattern is to make a group the owner and grant that group the required access to source data. Why is it designed like that: to reduce the risk of privilege escalation via view edits. (FYI, I didn't make these decisions, this is just what I'm able to find).

Note that granting ALL PRIVILEGES on a view doesn't give you OWNER or even MANAGE.

Is it possible the view is owned by a group that you belong to? You can use the following to see who owns the view:
DESCRIBE EXTENDED catalog.schema.view_name; -- Owner is shown in the Detailed Table Information section.
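
The group-owner pattern recommended in the reply above, written out as an added example that is not part of the original thread. The view `main.sales.v_orders`, the source table `main.sales.orders` and the group `view-maintainers` are placeholder names, and using COMMENT ON TABLE for the view-level comment is an assumption, since the thread does not show the statement that failed.

```sql
-- Placeholder names (assumptions, not from the thread):
--   view:         main.sales.v_orders
--   source table: main.sales.orders
--   group:        view-maintainers

-- 1. Check who owns the view today.
--    Owner is shown in the Detailed Table Information section.
DESCRIBE EXTENDED main.sales.v_orders;

-- 2. Run as a principal allowed to change ownership (for example the
--    current owner): make the group the owner instead of one user.
ALTER VIEW main.sales.v_orders OWNER TO `view-maintainers`;

-- 3. Grant the owning group only the access it needs to the source data
--    the view reads, rather than ALL PRIVILEGES.
GRANT USE CATALOG ON CATALOG main TO `view-maintainers`;
GRANT USE SCHEMA ON SCHEMA main.sales TO `view-maintainers`;
GRANT SELECT ON TABLE main.sales.orders TO `view-maintainers`;

-- 4. Run as a member of view-maintainers: set the view-level comment.
--    (Assumed statement form; adjust to the one you were running.)
COMMENT ON TABLE main.sales.v_orders
  IS 'Orders view, maintained by the view-maintainers group';

-- 5. Confirm the new owner and the comment.
DESCRIBE EXTENDED main.sales.v_orders;
```

Keeping membership of the owning group small matters here, because every member can edit the view definition as its owner.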