cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Unity Catalog Table Permissions

Addyy
New Contributor II

a week ago

I have granted table level permissions in Unity Catalog for users but users are still facing access issues when PowerBI reports are using these tables. Is this expected or I am missing some configuration setting?

Labels:
0 Kudos
3 REPLIES 3

balajij8
Contributor

a week ago

The error might be because of permission hierarchy issues. Power BI users also need

  • USAGE permissions on the Catalog and Schema containing the tables
  • Can Use permissions on the SQL Warehouse that Power BI is hitting
  • Ensure the users are synced to the Databricks workspace
0 Kudos

Lu_Wang_ENB_DBX
Databricks Employee
Databricks Employee

a week ago - last edited a week ago

This depends on whether the user can access that table directly within Databricks workspace catalog. Try to see if the user can pull sample data.  If the user can't access the table even inside Databricks workspace, then definitely look at catalog and schema permissions.

To grant access to the table:

GRANT USE CATALOG ON CATALOG <catalog_name> TO `<principal>`;
GRANT USE SCHEMA ON SCHEMA <catalog_name>.<schema_name> TO `<principal>`;
GRANT SELECT ON TABLE <catalog_name>.<schema_name>.<table_name> TO `<principal>`;

If the user can access inside Databricks workspace, then make sure you grant the PBI compute permission:
GRANT CAN USE ON WAREHOUSE <warehouse_name> TO `<principal>`;

If you are using Fabric โ€œmirrored catalogโ€ / external access, not the standard Databricks connector only, you will need:

  • External data access enabled on the metastore.
    EXTERNAL USE SCHEMA on the schema (or catalog) for the identity that configures the connection, plus the same SELECT/USE CATALOG/USE SCHEMA as above.

 

0 Kudos

Ashwin_DSA
Databricks Employee
Databricks Employee

a week ago

Hi @Addyy,

@balajij8 is right. For Power BI (via a SQL warehouse), users need a full chain of Unity Catalog + warehouse permissions. If youโ€™ve only granted SELECT at the table level to individual users, but not USE CATALOG/USE SCHEMA on the hierarchy or not to the correct identity (service principal vs. user), then the Power BI reports will still hit access errors. So youโ€™re likely just missing those pieces, not hitting a bug.

Here are some checks you could do...

The first one is usually the lack of UC object privileges. To query catalog.schema.table, the principal that Power BI uses must have the following....

  • USE CATALOG on the catalog
  • USE SCHEMA on the schema
  • SELECT on the table

Example (for a group "data_analysts"), make sure you have granted these privileges.

GRANT USE CATALOG ON CATALOG my_catalog TO `data_analysts`;
GRANT USE SCHEMA ON SCHEMA my_catalog.my_schema TO `data_analysts`;
GRANT SELECT ON TABLE my_catalog.my_schema.my_table TO `data_analysts`;

Secondly, check what identity Power BI actually uses to connect. If it uses OAuth/SSO, the Entra ID user visible to Databricks must have the above UC privileges. If it is using a service principal or PAT, then the service principal or PAT owner needs the UC grants on catalog, schema, and table, plus any Power BI connection objects used for jobs.

You may also want to check the SQL warehouse configuration and access to ensure the warehouse is Unity Catalog enabled. UC governs data access on SQL warehouses for most assets. Also, users/SPs also need at least CAN USE (or higher) on the SQL warehouse ACLs so that Power BI can run queries through it.

For Power BI integration via the Databricks connector, the docs explicitly require that your data is in Unity Catalog, and your compute (SQL warehouse) is UCโ€‘enabled; Hive metastore is not supported for these flows.

If this answer resolves your question, could you mark it as โ€œAccept as Solutionโ€? That helps other users quickly find the correct fix.

Regards,
Ashwin | Delivery Solution Architect @ Databricks
Helping you build and scale the Data Intelligence Platform.
***Opinions are my own***
0 Kudos
Announcements