Administrator privileges in Unity Catalog

Metastore administrators have privileges for creating metastore-level securable objects in Unity Catalog. You can grant privileges to create metastore-level securables to users, groups, and service principals in the account. Databricks recommends limiting these privileges to trusted power users.

Metastore level privileges

  • CREATE CATALOG: Allows a user to create a catalog.

  • CREATE EXTERNAL LOCATION: Allows a user to create an external location.

  • CREATE SHARE: Allows a data provider user to create a share in Delta Sharing.

  • CREATE RECIPIENT: Allows a data provider user to create a recipient in Delta Sharing.

  • CREATE PROVIDER: Allows a data recipient user to create a provider in Delta Sharing.

Account administrator privileges

Account administrators have the following privileges:

  • Can create metastores, and by default become the initial metastore admin.

  • Can enable Delta Sharing for a metastore.

  • Can configure storage credentials.

  • Can change the metastore administrator.