cancel
Showing results for 
Search instead for 
Did you mean: 
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Showing results for 
Search instead for 
Did you mean: 

How does Databricks Unity Catalog deal with privileges if a user is part of multiple groups?

aladda
Honored Contributor II
Honored Contributor II
1 REPLY 1

zpappa
New Contributor III
New Contributor III

Privileges are additive by design.

Let's say I as a user belong to 2 groups, foo1, foo2.

The admin has run the following SQL:

GRANT SELECT on table bar to `foo1`

This means that I'll be able to select from the table bar because there's a grant.

Let's say the admin runs the following SQL:

GRANT SELECT ON table bar to `foo2`

This means that I'll be able to select from the table bar because there's a grant (now 2 grants).

Now If I revoke the first grant to the first group

REVOKE SELECT ON table bar from `foo1`

I will still be able to query from the table bar, because the second grant is still there.

Where things get complicated is when you have dynamic views that depend on individual columns showing up based on group membership. This depends entirely on how the view is written and what the logical conditions are for case evaluation.

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!