GRANT (Databricks SQL)

Grants a privilege on an object to a user or principal. Granting a privilege on a database (for example a SELECT privilege) has the effect of implicitly granting that privilege on all objects in that database. Granting a specific privilege on the catalog has the effect of implicitly granting that privilege on all databases in the catalog.

Note

Modifying access to the samples catalog is not supported. This catalog is available to all workspaces, but is read-only.

Syntax

GRANT
  privilege_type [, ...]
  ON { CATALOG |
       DATABASE database_name |
       TABLE table_name |
       VIEW view_name |
       FUNCTION function_name |
       ANONYMOUS FUNCTION |
       ANY FILE }
  TO principal

privilege_type
  { SELECT | CREATE | MODIFY | READ_METADATA | CREATE_NAMED_FUNCTION | ALL PRIVILEGES }
GRANT
  USAGE
  ON { CATALOG | DATABASE database_name }
  TO principal
principal
  { `<user>@<domain-name>` | group_name }

To grant a privilege to all users, specify the keyword users after TO.

Examples

> GRANT SELECT ON DATABASE <database-name> TO `<user>@<domain-name>`
> GRANT SELECT ON ANONYMOUS FUNCTION TO `<user>@<domain-name>`
> GRANT SELECT ON ANY FILE TO `<user>@<domain-name>`

View-based access control

You can configure fine-grained access control (to rows and columns matching specific conditions, for example) by granting access to derived views that contain arbitrary queries.

Examples

> CREATE OR REPLACE VIEW <view-name> AS SELECT columnA, columnB FROM <table-name> WHERE columnC > 1000;
> GRANT SELECT ON VIEW <view-name> TO `<user>@<domain-name>`;

For details on required table ownership, see Frequently asked questions (FAQ).