Principal (Databricks SQL)
A principal is a user, service principal, or group known to the metastore. Principals can be granted privileges and may own securable objects.
Parameters
<user>@<domain-name>
An individual user. You must quote the identifier with back-ticks (`) due to the @ character.
<sp-application-id>
A service principal, specified by its applicationId value. You must quote the identifier with back-ticks (`) due to the dash characters in the ID.
group_name
An identifier specifying a group of users or groups.
USERS
The root group to which all workspace level users belong.
ACCOUNT USERS
The root group to which all account level users belong.
Workspace and Account level principals
Databricks SQL supports two distinct sets of principals: workspace level and account level.
If you GRANT a privilege on a securable_object and the principal does not apply to that securable object, you receive a “user not found” error.
Examples
-- Granting a privilege to the user alf@melmak.et
> GRANT SELECT ON TABLE t TO `alf@melmak.et`;
-- Granting a privilege to the service principal fab9e00e-ca35-11ec-9d64-0242ac120002
> GRANT SELECT ON TABLE t TO `fab9e00e-ca35-11ec-9d64-0242ac120002`;
-- Revoking a privilege from the general public group.
> REVOKE SELECT ON TABLE t FROM users;
-- Transferring ownership of an object to `some_group`
> ALTER SCHEMA some_schema OWNER TO some_group;
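When GRANT statements are generated by a script from a list of users or service principals, the quoting rule above has to be applied in code. The following is an added example, not part of the original documentation: the helper names, the allow-lists, and the assumption that object names contain no dots inside a single part are all hypothetical. It always back-tick quotes the principal and doubles any embedded back-tick, so a name cannot terminate the identifier early.

```python
# Added example: build GRANT statements with correctly quoted principals.
# ALLOWED_* sets are constructed for this example; extend them to match
# the privileges and securable types you actually manage.
ALLOWED_PRIVILEGES = {"SELECT", "MODIFY"}
ALLOWED_SECURABLE_TYPES = {"TABLE", "SCHEMA"}


def quote_identifier(name: str) -> str:
    """Back-tick delimit one identifier, doubling any embedded back-tick."""
    if not name or any(ord(ch) < 0x20 for ch in name):
        raise ValueError("identifier is empty or contains a control character")
    return "`" + name.replace("`", "``") + "`"


def quote_object_name(dotted: str) -> str:
    """Quote each part of a name such as catalog.schema.table.

    Assumption: no individual part contains a dot.
    """
    return ".".join(quote_identifier(part) for part in dotted.split("."))


def grant_statement(privilege: str, securable_type: str,
                    securable_name: str, principal: str) -> str:
    """Return one GRANT statement; keywords come only from the allow-lists."""
    priv = privilege.strip().upper()
    stype = securable_type.strip().upper()
    if priv not in ALLOWED_PRIVILEGES:
        raise ValueError(f"privilege not allowed: {privilege!r}")
    if stype not in ALLOWED_SECURABLE_TYPES:
        raise ValueError(f"securable type not allowed: {securable_type!r}")
    return (f"GRANT {priv} ON {stype} {quote_object_name(securable_name)} "
            f"TO {quote_identifier(principal)};")


if __name__ == "__main__":
    # Principals taken from the examples on this page.
    for who in ("alf@melmak.et", "fab9e00e-ca35-11ec-9d64-0242ac120002"):
        print(grant_statement("select", "table", "t", who))
```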