Manage Unity Catalog object ownership

Each securable object in Unity Catalog has an owner. The owner can be any user, service principal, or account group, known as a principal. The principal that creates an object becomes its initial owner. An object’s owner has all privileges on the object, such as SELECT and MODIFY on a table, in addition to the permission to grant privileges to other principals. An object’s owner has the ability to drop the object.

Inheritance

Owners of an object are automatically granted all privileges on that object. In addition, object owners can grant privileges on the object itself and on all of its child objects. This means that owners of a schema do not automatically have all privileges on the tables in the schema, but they can grant themselves privileges on the tables in the schema.

Permissions required to transfer ownership

Object ownership can be transferred to other principals by the current owner, a metastore admin, or the owner of the container (the catalog for a schema, the schema for a table). Delta Sharing share objects are an exception: principals with the USE SHARE and SET SHARE PERMISSION can also transfer share ownership.

See Unity Catalog privileges and securable objects.

Show owner

To see the owner of a securable object, use the following syntax. Replace the placeholder values:

  • <SECURABLE-TYPE>: The type of securable, such as CATALOG or TABLE.

  • <catalog>: The parent catalog for a table or view.

  • <schema>: The parent schema for a table or view.

  • <securable-name>: The name of the securable, such as a table or view.

DESCRIBE <SECURABLE-TYPE> EXTENDED <catalog>.<schema>.<securable-name>;
display(spark.sql("DESCRIBE <SECURABLE-TYPE> EXTENDED <catalog>.<schema>.<securable-name>"))
library(SparkR)

display(sql("DESCRIBE <SECURABLE-TYPE> EXTENDED <catalog>.<schema>.<securable-name>"))
display(spark.sql("DESCRIBE <SECURABLE-TYPE> EXTENDED <catalog>.<schema>.<securable-name>"))

Transfer ownership

To transfer ownership of an object, use a SQL command with the following syntax. Replace the placeholder values:

  • <SECURABLE-TYPE>: The type of securable object, such as CATALOG or TABLE. METASTORE is not supported as a securable object in this command.

  • <SECURABLE-NAME>: The name of the securable.

  • <PRINCIPAL>: The email address of an account-level user or the name of an account-level group.

ALTER <SECURABLE-TYPE> <SECURABLE-NAME> OWNER TO <PRINCIPAL>;
spark.sql("ALTER <SECURABLE-TYPE> <SECURABLE-NAME> OWNER TO <PRINCIPAL>")
library(SparkR)

sql("ALTER <SECURABLE-TYPE> <SECURABLE-NAME> OWNER TO <PRINCIPAL>")
spark.sql("ALTER <SECURABLE-TYPE> <SECURABLE-NAME> OWNER TO <PRINCIPAL>")

For example, to transfer ownership of a table to the accounting group:

ALTER TABLE orders OWNER TO `accounting`;
spark.sql("ALTER TABLE orders OWNER TO `accounting`")
library(SparkR)

sql("ALTER TABLE orders OWNER TO `accounting`")
spark.sql("ALTER TABLE orders OWNER TO `accounting`")