`w.grants`: Grants¶

class databricks.sdk.service.catalog.GrantsAPI¶

In Unity Catalog, data is secure by default. Initially, users have no access to data in a metastore. Access can be granted by either a metastore admin, the owner of an object, or the owner of the catalog or schema that contains the object. Securable objects in Unity Catalog are hierarchical and privileges are inherited downward.

Securable objects in Unity Catalog are hierarchical and privileges are inherited downward. This means that granting a privilege on the catalog automatically grants the privilege to all current and future objects within the catalog. Similarly, privileges granted on a schema are inherited by all current and future objects within that schema.

get(securable_type: SecurableType, full_name: str [, principal: Optional[str]]) → PermissionsList¶

Usage:

import os
import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

table_name = f'sdk-{time.time_ns()}'

created_catalog = w.catalogs.create(name=f'sdk-{time.time_ns()}')

created_schema = w.schemas.create(name=f'sdk-{time.time_ns()}', catalog_name=created_catalog.name)

_ = w.statement_execution.execute(warehouse_id=os.environ["TEST_DEFAULT_WAREHOUSE_ID"],
                                  catalog=created_catalog.name,
                                  schema=created_schema.name,
                                  statement="CREATE TABLE %s AS SELECT 2+2 as four" % (table_name)).result()

table_full_name = "%s.%s.%s" % (created_catalog.name, created_schema.name, table_name)

created_table = w.tables.get(full_name=table_full_name)

grants = w.grants.get_effective(securable_type=catalog.SecurableType.TABLE, full_name=created_table.full_name)

# cleanup
w.schemas.delete(full_name=created_schema.full_name)
w.catalogs.delete(name=created_catalog.name, force=True)
w.tables.delete(full_name=table_full_name)

Get permissions.

Gets the permissions for a securable.

Parameters:

securable_type – SecurableType Type of securable.
full_name – str Full name of securable.
principal – str (optional) If provided, only the permissions for the specified principal (user or group) are returned.

Returns:

PermissionsList

get_effective(securable_type: SecurableType, full_name: str [, principal: Optional[str]]) → EffectivePermissionsList¶

Usage:

import os
import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

table_name = f'sdk-{time.time_ns()}'

created_catalog = w.catalogs.create(name=f'sdk-{time.time_ns()}')

created_schema = w.schemas.create(name=f'sdk-{time.time_ns()}', catalog_name=created_catalog.name)

_ = w.statement_execution.execute(warehouse_id=os.environ["TEST_DEFAULT_WAREHOUSE_ID"],
                                  catalog=created_catalog.name,
                                  schema=created_schema.name,
                                  statement="CREATE TABLE %s AS SELECT 2+2 as four" % (table_name)).result()

table_full_name = "%s.%s.%s" % (created_catalog.name, created_schema.name, table_name)

created_table = w.tables.get(full_name=table_full_name)

grants = w.grants.get_effective(securable_type=catalog.SecurableType.TABLE, full_name=created_table.full_name)

# cleanup
w.schemas.delete(full_name=created_schema.full_name)
w.catalogs.delete(name=created_catalog.name, force=True)
w.tables.delete(full_name=table_full_name)

Get effective permissions.

Gets the effective permissions for a securable.

Parameters:

securable_type – SecurableType Type of securable.
full_name – str Full name of securable.
principal – str (optional) If provided, only the effective permissions for the specified principal (user or group) are returned.

Returns:

EffectivePermissionsList

update(securable_type: SecurableType, full_name: str [, changes: Optional[List[PermissionsChange]]]) → PermissionsList¶

Usage:

import os
import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

table_name = f'sdk-{time.time_ns()}'

created_catalog = w.catalogs.create(name=f'sdk-{time.time_ns()}')

created_schema = w.schemas.create(name=f'sdk-{time.time_ns()}', catalog_name=created_catalog.name)

_ = w.statement_execution.execute(warehouse_id=os.environ["TEST_DEFAULT_WAREHOUSE_ID"],
                                  catalog=created_catalog.name,
                                  schema=created_schema.name,
                                  statement="CREATE TABLE %s AS SELECT 2+2 as four" % (table_name)).result()

table_full_name = "%s.%s.%s" % (created_catalog.name, created_schema.name, table_name)

account_level_group_name = os.environ["TEST_DATA_ENG_GROUP"]

created_table = w.tables.get(full_name=table_full_name)

x = w.grants.update(full_name=created_table.full_name,
                    securable_type=catalog.SecurableType.TABLE,
                    changes=[
                        catalog.PermissionsChange(add=[catalog.Privilege.MODIFY, catalog.Privilege.SELECT],
                                                  principal=account_level_group_name)
                    ])

# cleanup
w.schemas.delete(full_name=created_schema.full_name)
w.catalogs.delete(name=created_catalog.name, force=True)
w.tables.delete(full_name=table_full_name)

Update permissions.

Updates the permissions for a securable.

Parameters:

securable_type – SecurableType Type of securable.
full_name – str Full name of securable.
changes – List[PermissionsChange] (optional) Array of permissions change objects.

Returns:

PermissionsList

Navigation

Related Topics

`w.grants`: Grants¶

w.grants: Grants¶

`w.grants`: Grants¶