cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CREATE OR REPLACE VIEW removes permissions [Unity Catalog]

vmpmreistad
New Contributor II

‎10-20-2023 07:06 AM

When I run CREATE OR REPLACE VIEW on an existing view in Unity Catalog, the grants that were made on that object are removed. This seems like it is a bug. Is it on purpose or not?
How to replicate:
1. Create the view
Run the create or replace statement:
create or replace view bronze.default.test_access_view
as
select 1 as one;
2. Grant access to a user
Run a statement to grant access
grant select on bronze.default.test_access_view to `user1`
3. Verify that user has access to view
4. Rerun the create or replace view statement
create or replace view bronze.default.test_access_view
as
select 1 as one;
5. Check permissions
User1 does not have permission on the table anymore.The reason I suspect this is a bug is because if I run CREATE OR REPLACE TABLE instead of view, and follow the same exact procedures as above, then user1 does not lose access to the table afterwards.Is this a bug that can be fixed?

Labels:
0 Kudos
1 REPLY 1

marcell_nagy
New Contributor II
In response to Retired_mod

‎09-02-2024 12:45 PM

Hello @Retired_mod , you are wrong, this is a bug. I'll file an issue to remove this feature from Databricks. It can be of course possible to change only the definition/code of the view and do not touch or just copy the previous permissions. Permission management always had separated commands and UI tab, and it is very bad for CI/CD tasks, where alter view is not the same and thus not an alternative. Even if it relates to the create or replace view, Databricks SQL can create keywords to tell that when replacing the view, do not touch the permissions. Or just a command to refresh the code of the view. Maybe changing/keeping the permissions could be controlled under another permission. So there are lot of possibilities.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements