Can't run the following queries

deficiant_codge
Contributor II

I am not able to run the following queries:

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email

ALTER TABLE users ADD ATTRIBUTE pii ON phone

GRANT SELECT ON DATABASE iot_data
HAVING ATTRIBUTE NOT IN (pii)
TO product_managers

and

GRANT SELECT ON iot_events TO engineers

GRANT SELECT(date, country) ON iot_events TO marketing

Anything I am missing?

karthik_p
Databricks Partner

@Rahul Mishra I have tried the above and it did not work for me, but you can create a view and try the queries below to mask your columns or rows: Create views | Databricks on AWS

karthik.p
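The view-based masking suggested in the post above, written out as an added example (not code from the thread or from Databricks). It reuses the thread's table, column and group names; the schema-qualified names, the view name iot_events_masked and the row-filter condition are assumptions.

```sql
-- Added example. Assumes Unity Catalog, a schema iot_data containing
-- iot_events(date, country, email), and account-level groups named
-- engineers and product_managers. iot_events_masked is a hypothetical name.
CREATE OR REPLACE VIEW iot_data.iot_events_masked AS
SELECT
  date,
  country,
  -- Column masking: only members of engineers see the raw address.
  CASE
    WHEN is_account_group_member('engineers') THEN email
    ELSE 'REDACTED'
  END AS email
FROM iot_data.iot_events
-- Row filtering: non-engineers see a subset of rows.
-- The country value is constructed for illustration.
WHERE is_account_group_member('engineers')
   OR country = 'US';

-- Grant on the view only. product_managers get no privilege on the base
-- table, so the masked view is their only path to the data. They also need
-- USE CATALOG and USE SCHEMA on the parent catalog and schema.
GRANT SELECT ON iot_data.iot_events_masked TO `product_managers`;
```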

The view part also worked for me, but I want to control the grant part and don't want to create a view.

The thing is, create view is not a unique feature of Unity Catalog, but this grant part actually is, so I want to implement that.

karthik_p
Databricks Partner

@Kaniz Fatma can anyone from Databricks help on why the attribute-based access control function is not working in Unity Catalog? @Rahul Mishra

Commands below:

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email

ALTER TABLE users ADD ATTRIBUTE pii ON phone

GRANT SELECT ON DATABASE iot_data
HAVING ATTRIBUTE NOT IN (pii)
TO product_managers

karthik.p

@Kaniz Fatma even the support page is not working; it's redirecting me again and again to the same page.

Hi @Kaniz Fatma, I am getting the below error while creating an ATTRIBUTE:

%sql

CREATE ATTRIBUTE pii;

Output:

ParseException: 

[PARSE_SYNTAX_ERROR] Syntax error at or near 'ATTRIBUTE'(line 1, pos 7)

== SQL ==

CREATE ATTRIBUTE pii

-------^^^

Hi @Kaniz Fatma, thank you for your response.

Are you saying that "attribute" is nothing but a column name in a table?

I was under the impression that an attribute is like a tag which we should create before using it against a table's column(s). Sharing my references below:

https://blog.cellenza.com/en/data/row-and-column-level-security-with-databricks/

https://www.databricks.com/blog/2021/05/26/introducing-databricks-unity-catalog-fine-grained-governa...

Either way, I am confused. I have tried to execute the below command as per the above Databricks documentation, hoping it will create the attribute, but it's failing. Can you please give an example of how we can create a PII tag/attribute on a set of columns in a Databricks table?

[Below, c_phone is a column containing sensitive data in the customers table]

SQL> ALTER TABLE customers ADD ATTRIBUTE pii ON c_phone

Output:

ParseException:

[PARSE_SYNTAX_ERROR] Syntax error at or near 'ATTRIBUTE'(line 1, pos 48)

== SQL ==

ALTER TABLE iotsamples.tpch.customer_events ADD ATTRIBUTE pii ON c_phone

------------------------------------------------^^^