cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Databricks SQL View with table access control

Go to solution
LukaszJ
Contributor III

โ€Ž06-27-2022 12:42 AM

Hello,

I want to grant 'select' option on some columns in my table.

So i created view, and now people can access my view but cannot access the table.

However, they cannot do 'select' on the view, because they do not have privileges to the table.

What can I do in this situation?

Best regards,

ลukasz

Labels:
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
NM
New Contributor III
In response to LukaszJ

โ€Ž06-29-2022 09:47 AM

In that case, you need to grant SELECT permission on table too. I'm not sure if you can only grant permissions on only some columns. It will be on all columns of the table if permission is given on table.

โ€‹

View solution in original post

8 REPLIES 8

Go to solution
Hubert-Dudek
Esteemed Contributor III

โ€Ž06-27-2022 06:58 AM

If the owners are not the same, the user (one which has SELECT on VIEW) must also have  SELECT privileges on the underlying table.

Please check that owner of the view and table are the same. If not, please set it to the same owner (user or group).

ALTER SCHEMA <schema-name> OWNER TO `<user-name>@<user-domain>.com`

Go to solution
LukaszJ
Contributor III
In response to Hubert-Dudek

โ€Ž06-29-2022 09:18 AM

Dear Hubert,

Thank you for the answer.

To my mind, It does not make sense.

So how can I only share some of the columns in the table with someone?

The problem is that the table is fed frequently. It seems strange to create a new one (without a few columns) after every update of the first one.

Do you have any advice?

Best regards,

ลukasz

Go to solution
Nathan_OB
New Contributor II
In response to Hubert-Dudek

โ€Ž08-29-2023 11:29 PM

Thanks for the tip regarding the view and the owner needing to have the same owner - this resolved my issue!!

0 Kudos

Go to solution
01_binary
New Contributor III

โ€Ž06-28-2022 10:44 AM

For best practice, grant usage on database and SELECT on view. They donโ€™t need to have access to table.

Go to solution
LukaszJ
Contributor III
In response to 01_binary

โ€Ž06-29-2022 09:20 AM

Dear 01_binary,

I suppose it doesn't work with this combination.

Then the user (who does not have access to the table, but has view access) gets a message that the table is not authorized.

Best regards,

ลukasz

0 Kudos

Go to solution
NM
New Contributor III
In response to LukaszJ

โ€Ž06-29-2022 09:47 AM

In that case, you need to grant SELECT permission on table too. I'm not sure if you can only grant permissions on only some columns. It will be on all columns of the table if permission is given on table.

โ€‹

Go to solution
LukaszJ
Contributor III
In response to Retired_mod

โ€Ž06-29-2022 09:23 AM

Dear Kaniz,

Yes you are right.

I am so sorry for the problem, but I do not have time to answer every day.

However, I will always give an answer, with a slight delay at most.

Best regards,

ลukasz

Go to solution
LukaszJ
Contributor III

โ€Ž07-07-2022 04:11 AM

To sum up,

It is not possible to create a view based on a table that someone does not have permission to.

It's a pity, because this option would be very useful to limit access to batch-fed tables.

Thanks all for the help and your time!

Regards,

ลukasz

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements