Databricks Community

old_school · 2 weeks ago

Hey Databricks Community,

I have applied USE CATALOG, USE SCHEMA and SELECT privilege to a table in the unity catalog. The grants shows only SELECT but I am able to do INSERT as well. Is this the expected behaviour ? or am missing something ?

DELETE and UPDATE doesn't work which is expected.

I am using databricks sdk version 0.7.0

Thank you.

Khaja_Zaffer · 2 weeks ago

Hello @old_school

Good day!

I dont think its expected behaviour.

Table Privileges Summary

PrivilegeAllowsPrerequisites

SELECT	Read data (SELECT * FROM table)	USE CATALOG + USE SCHEMA
MODIFY	Write data: INSERT, UPDATE, DELETE, MERGE	SELECT + USE CATALOG + USE SCHEMA
MANAGE	Manage grants, ownership, drop/rename	USE CATALOG + USE SCHEMA
ALL PRIVILEGES	All above (expands dynamically)

You can look here for more details on the same: https://docs.databricks.com/aws/en/data-governance/unity-catalog/manage-privileges/privileges

USE CATALOG and USE SCHEMA are prerequisites—they don't grant read/write on their own. SELECT → read-only. INSERT requires MODIFY (plus prerequisites).

So we can check UI approach: Data → Catalog → Table → Permissions tab → Select your principal (user/group/SP).Shows full effective list (direct + inherited). If MODIFY listed → explains INSERT.

You can also do this by

SHOW GRANTS ON SCHEMA <catalog>.<schema>;SHOW GRANTS ON CATALOG <catalog>;

Revoke unwanted:

REVOKE MODIFY ON SCHEMA <catalog>.<schema> FROM `<principal>`;

Databricks Community

Data Governance Unity Catalog: SELECT privilege

Join Us as a Local Community Builder!

Big Book of Data Engineering - Get how-tos, code snippets and real-world examples

🌟 Community Pulse: Your Weekly Roundup! October 31 – November 06, 2025

BrickTalks: Serve intelligence from your Lakehouse to your Apps with Lakebase

Free Edition Hackathon

Level Up with Databricks Specialist Sessions