cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Governance
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CREATE OR REPLACE VIEW removes permissions [Unity Catalog]

vmpmreistad
New Contributor II

‎10-20-2023 07:06 AM

When I run CREATE OR REPLACE VIEW on an existing view in Unity Catalog, the grants that were made on that object are removed. This seems like it is a bug. Is it on purpose or not?
How to replicate:
1. Create the view
Run the create or replace statement:
create or replace view bronze.default.test_access_view
as
select 1 as one;
2. Grant access to a user
Run a statement to grant access
grant select on bronze.default.test_access_view to `user1`
3. Verify that user has access to view
4. Rerun the create or replace view statement
create or replace view bronze.default.test_access_view
as
select 1 as one;
5. Check permissions
User1 does not have permission on the table anymore.The reason I suspect this is a bug is because if I run CREATE OR REPLACE TABLE instead of view, and follow the same exact procedures as above, then user1 does not lose access to the table afterwards.Is this a bug that can be fixed?

Labels:
0 Kudos
1 REPLY 1

Kaniz
Community Manager
Community Manager

‎10-30-2023 02:21 AM

Hi @vmpmreistad, It appears that the issue you're facing is a known behaviour in Databricks when you execute a CREATE OR REPLACE VIEW statement on an existing view. This action overwrites the existing view definition, including any previously granted permissions on the view.

This behaviour is not a bug but rather a limitation of the CREATE OR REPLACE VIEW statement in Databricks.

To work around this limitation and preserve existing grants on the view, you can use the ALTER VIEW statement instead of CREATE OR REPLACE VIEW. The ALTER VIEW statement allows you to modify the existing view without removing any previously granted permissions.

Here's how you can use ALTER VIEW to modify the view while preserving existing grants:

 

%sql
-- Grant permissions on the view if necessary
GRANT SELECT ON bronze.default.test_access_view TO user1

-- Alter the view
ALTER VIEW bronze.default.test_access_view
AS
SELECT 1 as one;
-- Verify that user1 still has permission on the view

By employing the ALTER VIEW statement in place of CREATE OR REPLACE VIEW, you can modify the view without losing any previously granted permissions.

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.