cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Databricks SQL View with table access control

LukaszJ
Contributor III

Hello,

I want to grant 'select' option on some columns in my table.

So i created view, and now people can access my view but cannot access the table.

However, they cannot do 'select' on the view, because they do not have privileges to the table.

What can I do in this situation?

Best regards,

ลukasz

1 ACCEPTED SOLUTION

Accepted Solutions

NM
New Contributor III

In that case, you need to grant SELECT permission on table too. I'm not sure if you can only grant permissions on only some columns. It will be on all columns of the table if permission is given on table.

โ€‹

View solution in original post

8 REPLIES 8

Hubert-Dudek
Esteemed Contributor III

If the owners are not the same, the user (one which has SELECT on VIEW) must also have  SELECT privileges on the underlying table.

Please check that owner of the view and table are the same. If not, please set it to the same owner (user or group).

ALTER SCHEMA <schema-name> OWNER TO `<user-name>@<user-domain>.com`

Dear Hubert,

Thank you for the answer.

To my mind, It does not make sense.

So how can I only share some of the columns in the table with someone?

The problem is that the table is fed frequently. It seems strange to create a new one (without a few columns) after every update of the first one.

Do you have any advice?

Best regards,

ลukasz

Thanks for the tip regarding the view and the owner needing to have the same owner - this resolved my issue!!

01_binary
New Contributor III

For best practice, grant usage on database and SELECT on view. They donโ€™t need to have access to table.

Dear 01_binary,

I suppose it doesn't work with this combination.

Then the user (who does not have access to the table, but has view access) gets a message that the table is not authorized.

Best regards,

ลukasz

NM
New Contributor III

In that case, you need to grant SELECT permission on table too. I'm not sure if you can only grant permissions on only some columns. It will be on all columns of the table if permission is given on table.

โ€‹

Dear Kaniz,

Yes you are right.

I am so sorry for the problem, but I do not have time to answer every day.

However, I will always give an answer, with a slight delay at most.

Best regards,

ลukasz

LukaszJ
Contributor III

To sum up,

It is not possible to create a view based on a table that someone does not have permission to.

It's a pity, because this option would be very useful to limit access to batch-fed tables.

Thanks all for the help and your time!

Regards,

ลukasz

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group