GRANT (Databricks SQL)

Grants a privilege on an object to a user or principal. Granting a privilege on a database (for example a SELECT privilege) has the effect of implicitly granting that privilege on all objects in that database. Granting a specific privilege on the catalog has the effect of implicitly granting that privilege on all databases in the catalog.

Syntax

GRANT
  privilege_type [, ...]
  ON { CATALOG |
       DATABASE database_name |
       TABLE table_name |
       VIEW view_name |
       FUNCTION function_name |
       ANONYMOUS FUNCTION |
       ANY FILE }
  TO principal

privilege_type
  { SELECT | CREATE | MODIFY | READ_METADATA | CREATE_NAMED_FUNCTION | ALL PRIVILEGES }
GRANT
  USAGE
  ON [ CATALOG | DATABASE database_name ]
  TO principal
principal
  { `<user>@<domain-name>` | group_name }

To grant a privilege to all users, specify the keyword users after TO.

Examples

GRANT SELECT ON DATABASE <database-name> TO `<user>@<domain-name>`
GRANT SELECT ON ANONYMOUS FUNCTION TO `<user>@<domain-name>`
GRANT SELECT ON ANY FILE TO `<user>@<domain-name>`

View-based access control

You can configure fine-grained access control (to rows and columns matching specific conditions, for example) by granting access to derived views that contain arbitrary queries.

Examples

CREATE OR REPLACE VIEW <view-name> AS SELECT columnA, columnB FROM <table-name> WHERE columnC > 1000;
GRANT SELECT ON VIEW <view-name> TO `<user>@<domain-name>`;

For details on required table ownership, see Frequently asked questions (FAQ).