cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

View alter permission for multiple members

mrinmoygupta
New Contributor

yesterday

Hi I've setup the gold layer for my client by creating views. Currently not using CI/CD for view deployment but it's on roadmap. Now I've another 2-3 people joining the team and they will be making minor updates to the views as a result of change requests. This was perfectly possible in SQL Server. But in databricks other members are unable alter existing views as the views are currently tied with my user name as the view owners. If I change the view owner to a group next time another member alters the view he then becomes the view owner and other member does not even have permission to change owner. Wonder what would be best practice in this case without having to implement CI/CD. Thanks in advance.

Labels:
0 Kudos
2 REPLIES 2

Alberto_Umana
Databricks Employee
Databricks Employee

5 hours ago

Hi @mrinmoygupta,

You can try below approach:

Use Groups for Ownership: Assign the ownership of views to a group rather than individual users. This ensures that all members of the group have the necessary permissions to alter the views. However, be aware that when a member of the group alters a view, they might become the new owner, which can restrict other members from making further changes.

Grant Appropriate Permissions: Ensure that the group has the necessary permissions to manage the views. This includes granting CAN_MANAGE or IS_OWNER permissions to the group. This way, even if the ownership changes, the group members can still manage the views.

Use Unity Catalog: If you are using Unity Catalog, you can manage permissions more effectively. Unity Catalog allows you to set permissions at different levels (catalog, schema, table, view) and ensures that only authorized users or groups can make changes. You can grant USAGE and SELECT permissions on the catalog and schema, and SELECT on the views to the group.

0 Kudos

mrinmoygupta
New Contributor

4 hours ago - last edited 4 hours ago

Hi @Alberto_Umana thank you for your response. Unfortunately we already have all these three things in place. The problem still remains as when a member of the group alters a view, they might become the new owner, which can restrict other members from making further changes

My question is for someone who is using the same setup (still not using service principal for deployment) how do they deal with this situation. Do we always need an admin to transfer ownership back to a group after an individual developer alters a view?

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements