
Data Object Privileges

The document outlines a data governance model focused on managing permissions for data objects, detailing how to programmatically grant, deny, and revoke access. It specifies various data objects such as catalogs, schemas, tables, views, and functions, along with the associated privileges like SELECT, MODIFY, and CREATE. Additionally, it describes the roles that can grant access privileges and mentions operations like SHOW GRANTS.

Uploaded by

xiyipix919

Data object privileges

Learning Objectives

- Data governance model

- Managing permissions for data objects


Data governance model

- Programmatically grant, deny, and revoke access to data objects

GRANT Privilege ON Object <object-name> TO <user or group>

- GRANT SELECT ON TABLE my_table TO [email protected]


Data objects

GRANT Privilege ON Object <object-name> TO <user or group>

Object      Scope
CATALOG     controls access to the entire data catalog.
SCHEMA      controls access to a database.
TABLE       controls access to a managed or external table.
VIEW        controls access to SQL views.
FUNCTION    controls access to a named function.
ANY FILE    controls access to the underlying filesystem.


Privileges

GRANT Privilege ON Object <object-name> TO <user or group>

Privilege         Ability
SELECT            read access to an object.
MODIFY            add, delete, and modify data to or from an object.
CREATE            create an object.
READ_METADATA     view an object and its metadata.
USAGE             no effect on its own, but required to perform any action on a database object.
ALL PRIVILEGES    gives all privileges.


Granting Privileges by Role

Role                        Can grant access privileges for
Databricks administrator    All objects in the catalog and the underlying filesystem.
Catalog owner               All objects in the catalog.
Database owner              All objects in the database.
Table owner                 Only the table

[Figure: object hierarchy. Catalog > Schema (Database) > Table, View, Function]

More operations

- GRANT
- DENY
- REVOKE
- SHOW GRANTS
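
The four operations above, run in sequence on one table, as an added example that is not part of the original slides. It assumes the legacy Databricks table access control model that these object and privilege names belong to; the schema `hr_db`, the table `employees`, and the groups `hr_team` and `interns` are hypothetical.

```sql
-- Hypothetical names: schema hr_db, table employees, groups hr_team and interns.

-- 1. USAGE grants no ability by itself, but the SELECT in step 2
--    cannot be exercised unless the principal also holds USAGE on the schema.
GRANT USAGE ON SCHEMA hr_db TO `hr_team`;

-- 2. Least privilege: read access to one table instead of
--    ALL PRIVILEGES on the whole schema.
GRANT SELECT, READ_METADATA ON TABLE hr_db.employees TO `hr_team`;

-- 3. Explicitly block a group. A DENY takes precedence over a GRANT
--    that the same principal holds on the object or inherits from a parent.
DENY SELECT ON TABLE hr_db.employees TO `interns`;

-- 4. Withdraw a privilege that is no longer needed.
--    REVOKE takes FROM, not TO.
REVOKE READ_METADATA ON TABLE hr_db.employees FROM `hr_team`;

-- 5. Audit the result: every grant on the table, then the grants
--    one principal holds on the schema.
SHOW GRANTS ON TABLE hr_db.employees;
SHOW GRANTS `hr_team` ON SCHEMA hr_db;
```

Running step 5 after each change is a quick way to confirm that a REVOKE removed only the intended privilege and that no broader grant at the schema or catalog level still gives the same access.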
