Programmatically grant, deny, and revoke access to data objects
GRANT <privilege> ON <object type> <object name> TO <user or group>
-- e.g.:
GRANT SELECT ON TABLE my_table TO `user_1@company.com`
Privilege:
- SELECT
- MODIFY (add, delete, and modify data to or from an object.)
- CREATE
- READ_METADATA
- USAGE (required to perform any action on a database object.)
- ALL PRIVILEGES
Object:
- Catalog
- Schema
- Table
- View
- Function
- Any File (underlying filesystem)
More operations:
- GRANT
- DENY (blocks access; a DENY overrides any other access, such as a GRANT)
- REVOKE (undoes a permission)
- SHOW GRANTS
To grant privileges, you have to be:
- Databricks administrator
- Object owner
To identify the owner of a table, review the Owner field on the table’s page in Data Explorer.
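A least-privilege sequence that combines the privileges and operations listed above, run as a Databricks administrator or the object owner. This is an added example, not part of the original notes; the schema `sales`, the tables `orders` and `customers_pii`, the group `analysts` and the user `contractor_1@company.com` are constructed names.

```sql
-- Constructed names throughout: sales, orders, customers_pii,
-- analysts, contractor_1@company.com.

-- 1. USAGE gives no data access by itself, but it is required
--    before any other privilege on objects in the schema takes effect.
GRANT USAGE ON SCHEMA sales TO `analysts`;

-- 2. Grant read access on a single table rather than the whole schema.
GRANT SELECT ON TABLE sales.orders TO `analysts`;
GRANT READ_METADATA ON TABLE sales.orders TO `analysts`;

-- 3. Block one user from a sensitive table. DENY trumps any GRANT,
--    including one the user would otherwise inherit through a group.
DENY SELECT ON TABLE sales.customers_pii TO `contractor_1@company.com`;

-- 4. Audit the result: grants for one principal, then for everyone.
SHOW GRANTS `analysts` ON TABLE sales.orders;
SHOW GRANTS ON TABLE sales.customers_pii;

-- 5. Remove access that is no longer needed.
REVOKE SELECT ON TABLE sales.orders FROM `analysts`;
REVOKE READ_METADATA ON TABLE sales.orders FROM `analysts`;
```

Running SHOW GRANTS after each change is a quick check that the effective permissions match what was intended, in particular that no broader grant remains at the schema or catalog level.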