Data access control

Preview

This feature is in Public Preview. Contact your Databricks representative to request access.

This article describes the privileges data object owners can manage using Databricks data access control SQL statements.

Data object owners use the SQL GRANT, DENY, REVOKE, and SHOW GRANT commands to manage the access that users and groups have to data objects.

For details on using these commands, see Data object privileges.

For a command reference, see Security statements.

Example

To enable a user to complete the Quickstart: Run and visualize a query, specify the following privileges:

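-- Start from a clean slate: remove any privileges the user already holds on the database.
REVOKE ALL PRIVILEGES ON DATABASE default FROM `user@example.com`;

-- USAGE is a prerequisite for performing any action on objects in the database.
GRANT USAGE ON DATABASE default TO `user@example.com`;

-- SELECT gives read access to objects in the database.
GRANT SELECT ON DATABASE default TO `user@example.com`;

-- READ_METADATA lets the user view objects and their metadata.
GRANT READ_METADATA ON DATABASE default TO `user@example.com`;

-- Verify the resulting grants.
SHOW GRANT `user@example.com` ON DATABASE default;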

+------------------+---------------+------------+-----------+
| principal        | ActionType    | ObjectType | ObjectKey |
+------------------+---------------+------------+-----------+
| user@example.com | READ_METADATA | DATABASE   | default   |
+------------------+---------------+------------+-----------+
| user@example.com | SELECT        | DATABASE   | default   |
+------------------+---------------+------------+-----------+
| user@example.com | USAGE         | DATABASE   | default   |
+------------------+---------------+------------+-----------+

When you run these commands in the Databricks SQL Analytics query editor, you should see:

[Screenshot: Show grant]
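To confirm that a principal holds exactly the privileges granted above and nothing more, the SHOW GRANT output can be checked against a baseline. The following is an added example, not part of the original article or Databricks code; the function names parse_show_grant and audit are hypothetical, and the sample input is the table shown on this page.

```python
# Added example: audit SHOW GRANT output against a least-privilege baseline.
SHOW_GRANT_OUTPUT = """\
+------------------+---------------+------------+-----------+
| principal        | ActionType    | ObjectType | ObjectKey |
+------------------+---------------+------------+-----------+
| user@example.com | READ_METADATA | DATABASE   | default   |
+------------------+---------------+------------+-----------+
| user@example.com | SELECT        | DATABASE   | default   |
+------------------+---------------+------------+-----------+
| user@example.com | USAGE         | DATABASE   | default   |
+------------------+---------------+------------+-----------+
"""

# Privileges this page grants for the quickstart (assumed baseline).
BASELINE = {"USAGE", "SELECT", "READ_METADATA"}


def parse_show_grant(text):
    """Parse the ASCII table into a list of dicts keyed by the header row."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +---+ borders and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows


def audit(rows, principal, object_type, object_key, baseline=BASELINE):
    """Return (missing, excess) privileges for one principal on one object."""
    granted = {
        r["ActionType"].upper()
        for r in rows
        if r["principal"] == principal
        and r["ObjectType"].upper() == object_type.upper()
        and r["ObjectKey"] == object_key
    }
    return sorted(baseline - granted), sorted(granted - baseline)


if __name__ == "__main__":
    rows = parse_show_grant(SHOW_GRANT_OUTPUT)
    missing, excess = audit(rows, "user@example.com", "DATABASE", "default")
    print("missing:", missing, "excess:", excess)
```

An empty "excess" list means the principal has no privileges on the object beyond the baseline; an empty "missing" list means every privilege needed for the quickstart is present.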