Data Governance

How to resolve the AnalysisException "DENY is not supported in Unity Catalog"

akashs04
New Contributor II

Hi All,

I am trying to manage access to objects created in a Unity Catalog.

I want the owner/creator of the object (me) to not have access to the object and only the specified users/groups to be able to select/perform other actions on the objects.

But the DENY Command is not supported in Unity Catalog. Is there any other way to deny access to the owner of the objects?

The command I am using is:

%sql

DENY EXECUTE ON FUNCTION catalogName.schemaName.functionTest TO `username@email.com`;

Thanks!

3 REPLIES

Ajay-Pandey
Esteemed Contributor III

Hi @Akash Sivadas,

I think you can do it from the Data Explorer tab.

Please refer to the blog below for the same:

Manage Unity Catalog permissions in Data Explorer | Databricks on AWS

Ajay Kumar Pandey

Hi. Apologies for not being more elaborate about the scenario.

Your solution would work for users who have been granted any permissions to the object but not for the owner of the object. I want the owner of the object to be revoked from accessing this object.

Ideally, transferring the object ownership to another user would work. But in my case I am dealing with sensitive data, and object creation happens with the help of a Databricks Job. The above-mentioned step can be reverted by an admin in the Databricks Workspace. So, this job can still be executed by any other Admin in the Workspace using the owner's credentials to potentially access data.

Hi @Kaniz Fatma

I had already tried that but Databricks throws a ParseException saying possibly unquoted identifier username@email.com detected. Please consider quoting it with back-quoted as `username@email.com`
