Administrator privileges in Unity Catalog

Metastore administrators have privileges for creating metastore-level securable objects in Unity Catalog. You can grant privileges to create metastore-level securables to users, groups, and service principals in the account. Databricks recommends limiting these privileges to trusted power users.

Metastore level privileges

• CREATE CATALOG: Allows a user to create a catalog.

• CREATE EXTERNAL LOCATION: Allows a user to create an external location.

• CREATE SHARE: Allows a data provider user to create a share in Delta Sharing.

• CREATE RECIPIENT: Allows a data provider user to create a recipient in Delta Sharing.

• CREATE PROVIDER: Allows a data recipient user to create a provider in Delta Sharing.

Account administrator privileges

Account administrators have the following privileges:

• Can create metastores, and by default become the initial metastore admin.

• Can enable Delta Sharing for a metastore.

• Can configure storage credentials.

• Can change the metastore administrator.