databricks - Manage privileges in Unity Catalog Azure - Stack Overflow

admin管理员组

文章数量:1355697

I have a Group in Azure for which I would like to manage access . Databricks Documentation
/?language=SQL

The group is called AzUser-DataHub-SAPupportAnalyst however I can't seem to use the Syntax

GRANT SELECT ON default.department TO `AzUser-DataHub-SAPupportAnalyst`;

I can give it to a Principal but because this an AD Group this cannot be resolved .

Any pointers?

I have a Group in Azure for which I would like to manage access . Databricks Documentation
https://docs.databricks/aws/en/data-governance/unity-catalog/manage-privileges/?language=SQL

The group is called AzUser-DataHub-SAPupportAnalyst however I can't seem to use the Syntax

GRANT SELECT ON default.department TO `AzUser-DataHub-SAPupportAnalyst`;

I can give it to a Principal but because this an AD Group this cannot be resolved .

Any pointers?

• databricks
• azure-databricks
• databricks-unity-catalog

Share Improve this question Follow edited 2 days ago Ged 18.2k88 gold badges4848 silver badges105105 bronze badges asked Mar 31 at 9:39 nick leesonnick leeson 3144 bronze badges

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 0

Make sure the group is a part of your workspace. In SQL you can run show groups to see whether the group is available or not.

If the group does not show there, go to Settings -> Workspace Admin -> Identity and Access -> Groups

and add the group into the workspace.

https://learn.microsoft/en-us/azure/databricks/admin/users-groups/groups#add-groups-workspace

If the group doesn't show from the Add group button, then you may need to add the group in the Account console:

https://learn.microsoft/en-us/azure/databricks/admin/users-groups/groups#account-console

I have a Group in Azure for which I would like to manage access . Databricks Documentation https://docs.databricks/aws/en/data-governance/unity-catalog/manage-privileges/?language=SQL The group is called AzUser-DataHub-SAPupportAnalyst however I can't seem to use the Syntax GRANT SELECT ON default.department TO AzUser-DataHub-SAPupportAnalyst; I can give it to a Principal but because this an AD Group this cannot be resolved .

*In Azure Databricks, ensure that the Azure AD group (e.g., AzUser-DataHub-SAPupportAnalyst) is synchronized correctly with Unity Catalog. Ensure that your Unity Catalog is configured to properly recognize Azure AD groups. This should happen automatically if Azure AD is connected to Databricks.

*Azure AD Group Sync: Make sure that the group AzUser-DataHub-SAPupportAnalyst exists in Azure Active Directory and that it is synced to your Databricks workspace. In some cases, it may not be properly synced or recognized.To check this, go to the Admin Console in Azure Databricks and verify that the group is available under the User & Groups section. you can check the Documentation

*you can give a try using following command

GRANT [privilege-type] ON [securable-type] [securable-name] TO [principal];

[privilege-type] is a Unity Catalog privilege type. See Privilege types. [securable-type]: The type of securable object, such as CATALOG or TABLE. See Securable objects [securable-name]: The name of the securable. If the securable type is METASTORE, do not provide the securable name. It is assumed to be the metastore attached to the workspace. [principal] is a user, service principal (represented by its applicationId value), or group. You must enclose users, service principals, and group names that include special characters in backticks ( ).

*Also you can Grant permissions using the UI Click the table name in Catalog Explorer to open the table details page, and go to the Permissions tab. Click Grant. On the Grant on dialog: Select the users and groups you want to give permission to. Select the privileges you want to grant. For this example, assign the SELECT (read) privilege and click Grant.

本文标签： databricksManage privileges in Unity Catalog AzureStack Overflow