02-23-2023 10:08 PM
Hi All,
I am trying to manage access to objects created in a Unity Catalog.
I want the owner/creator of the object (me) to not have access to the object and only the specified users/groups to be able to select/perform other actions on the objects.
But the DENY command is not supported in Unity Catalog. Is there any other way to deny access to the owner of the objects?
The command I am using is:
%sql
DENY EXECUTE ON FUNCTION catalogName.schemaName.functionTest TO `username@email.com`;
Thanks!
02-24-2023 01:56 AM
Hi @Akash Sivadas ,
I think you can do it through the Data Explorer tab.
Please refer to the blog below for the same:
Manage Unity Catalog permissions in Data Explorer | Databricks on AWS
02-24-2023 02:15 AM
Hi. Apologies for not being more elaborate about the scenario.
Your solution would work for users who have been granted any permissions to the object but not for the owner of the object. I want the owner of the object to be revoked from accessing this object.
Ideally, transferring the object ownership to another user would work. But in my case I am dealing with sensitive data, and object creation happens with the help of a Databricks Job. The above-mentioned step can be reverted by an admin in the Databricks Workspace. So, this job can still be executed by any other Admin in the Workspace using the owner's credentials to potentially access data.
02-24-2023 05:00 AM
Hi @Akash Sivadas, it seems there is a syntax error here. Please try the syntax below:
%sql
DENY EXECUTE ON FUNCTION catalogName.schemaName.functionTest TO username@email.com;
02-24-2023 05:31 AM
Hi @Kaniz Fatma
I had already tried that, but Databricks throws a ParseException saying possibly unquoted identifier username@email.com detected. Please consider quoting it with back-quoted as `username@email.com`
02-24-2023 05:38 AM
Hi @Akash Sivadas, Unity Catalog does not support this function. This statement applies only to the hive_metastore catalog and its objects.