Hello everyone,
I just finished the "DE 6.1 - Create and Govern Data with UC" notebook for the Data Engineering with Databricks (ID: E-VPOZ70) course, and there is something at the very end of the notebook that does not seem right.
The notebook revokes usage on a catalogue:
REVOKE USAGE ON CATALOG ${DA.my_new_catalog} FROM `account users`
and then proceeds to say that this should disrupt the "gold" query:
SELECT * FROM labuser7782348_9htt_da.example.agg_heartrate
because the permission chain is broken at the catalogue level.
But my "gold" query happily returns the same result before and after?
I would assume that it uses my "owner" permissions on the data, the function, and the catalogue and does not care whether some group was given access to it or not? But I'm not sure as I am just learning.
The exact wording in the notebook is this:
Back in Databricks SQL, re-run the *gold* query, and we see now that even though we have proper permissions on the view and schema, the missing privilege higher up in the hierarchy will break access to this resource. This illustrates Unity Catalog's explicit permission model in action: no permissions are implied or inherited.
Having read this, I was expecting to see some error message that has to do with permissions but that was not the case and I can run the "gold" query unrestricted.
Any advice is welcome!
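
Added example (not part of the original post or the course notebook): a toy Python model of the permission chain the notebook describes, evaluated for two principals before and after the REVOKE. It assumes that an object's owner holds every privilege on that object and that the lab user owns the catalog, schema and view; the user names and the `Metastore` class are constructed for illustration.

```python
# Toy model of the catalog -> schema -> view permission chain.
# Added example, not Databricks code. Assumptions: USAGE is required on the
# catalog and schema, SELECT on the view, and an owner holds every privilege
# on the objects it owns. All principal names are constructed.

CHAIN = [  # (securable, privilege needed to read the gold view)
    ("catalog:my_new_catalog", "USAGE"),
    ("schema:example", "USAGE"),
    ("view:agg_heartrate", "SELECT"),
]

class Metastore:
    def __init__(self, owner):
        self.owner = {obj: owner for obj, _ in CHAIN}  # creator owns all three
        self.grants = set()                            # (object, privilege, principal)

    def grant(self, priv, obj, principal):
        self.grants.add((obj, priv, principal))

    def revoke(self, priv, obj, principal):
        self.grants.discard((obj, priv, principal))

    def check_select(self, user, groups):
        """Return (allowed, first securable where the chain breaks, or None)."""
        principals = {user, *groups}
        for obj, priv in CHAIN:
            if self.owner[obj] == user:
                continue  # ownership satisfies this level regardless of grants
            if not any((obj, priv, p) in self.grants for p in principals):
                return False, obj
        return True, None

def run_lab():
    ms = Metastore(owner="labuser@example.com")
    for obj, priv in CHAIN:
        ms.grant(priv, obj, "account users")
    who = {"owner": ("labuser@example.com", ["account users"]),
           "colleague": ("colleague@example.com", ["account users"])}
    before = {k: ms.check_select(*v) for k, v in who.items()}
    ms.revoke("USAGE", "catalog:my_new_catalog", "account users")
    after = {k: ms.check_select(*v) for k, v in who.items()}
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), run_lab()):
        print(label, result)
```

In this model only the non-owner group member loses access after the revoke, so the break in the chain is observable only when the query runs as a principal that does not own the objects.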