w.grants: Grants

class databricks.sdk.service.catalog.GrantsAPI

In Unity Catalog, data is secure by default. Initially, users have no access to data in a metastore. Access can be granted by either a metastore admin, the owner of an object, or the owner of the catalog or schema that contains the object.

Securable objects in Unity Catalog are hierarchical and privileges are inherited downward. This means that granting a privilege on the catalog automatically grants the privilege to all current and future objects within the catalog. Similarly, privileges granted on a schema are inherited by all current and future objects within that schema.

get(securable_type: str, full_name: str [, max_results: Optional[int], page_token: Optional[str], principal: Optional[str]]) GetPermissionsResponse

Usage:

import os
import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

table_name = f"sdk-{time.time_ns()}"

created_catalog = w.catalogs.create(name=f"sdk-{time.time_ns()}")

created_schema = w.schemas.create(name=f"sdk-{time.time_ns()}", catalog_name=created_catalog.name)

_ = w.statement_execution.execute(
    warehouse_id=os.environ["TEST_DEFAULT_WAREHOUSE_ID"],
    catalog=created_catalog.name,
    schema=created_schema.name,
    statement="CREATE TABLE %s AS SELECT 2+2 as four" % (table_name),
).result()

table_full_name = "%s.%s.%s" % (
    created_catalog.name,
    created_schema.name,
    table_name,
)

created_table = w.tables.get(full_name=table_full_name)

# direct grants only; privileges inherited from the schema or catalog are not returned
grants = w.grants.get(
    securable_type=catalog.SecurableType.TABLE,
    full_name=created_table.full_name,
)

# cleanup: drop the table first, then its schema, then the catalog
w.tables.delete(full_name=table_full_name)
w.schemas.delete(full_name=created_schema.full_name)
w.catalogs.delete(name=created_catalog.name, force=True)

Gets the permissions for a securable. Does not include inherited permissions.

NOTE: we recommend using max_results=0 to use the paginated version of this API. Unpaginated calls will be deprecated soon.

PAGINATION BEHAVIOR: When using pagination (max_results >= 0), a page may contain zero results while still providing a next_page_token. Clients must continue reading pages until next_page_token is absent, which is the only indication that the end of results has been reached.

Parameters:
  • securable_type – str Type of securable.

  • full_name – str Full name of securable.

  • max_results – int (optional) Specifies the maximum number of privileges to return (page length). Every PrivilegeAssignment present in a single page response is guaranteed to contain all the privileges granted on the requested Securable for the respective principal.

    If not set, all the permissions are returned. If set to:

      - less than 0: invalid parameter error
      - 0: page length is set to a server configured value
      - less than 150 but greater than 0: invalid parameter error (this is to ensure that the server is able to return at least one complete PrivilegeAssignment in a single page response)
      - greater than (or equal to) 150: page length is the minimum of this value and a server configured value

  • page_token – str (optional) Opaque pagination token to go to next page based on previous query.

  • principal – str (optional) If provided, only the permissions for the specified principal (user or group) are returned.

Returns:

GetPermissionsResponse

get_effective(securable_type: str, full_name: str [, max_results: Optional[int], page_token: Optional[str], principal: Optional[str]]) EffectivePermissionsList

Usage:

import os
import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

table_name = f"sdk-{time.time_ns()}"

created_catalog = w.catalogs.create(name=f"sdk-{time.time_ns()}")

created_schema = w.schemas.create(name=f"sdk-{time.time_ns()}", catalog_name=created_catalog.name)

_ = w.statement_execution.execute(
    warehouse_id=os.environ["TEST_DEFAULT_WAREHOUSE_ID"],
    catalog=created_catalog.name,
    schema=created_schema.name,
    statement="CREATE TABLE %s AS SELECT 2+2 as four" % (table_name),
).result()

table_full_name = "%s.%s.%s" % (
    created_catalog.name,
    created_schema.name,
    table_name,
)

created_table = w.tables.get(full_name=table_full_name)

grants = w.grants.get_effective(
    securable_type=catalog.SecurableType.TABLE,
    full_name=created_table.full_name,
)

# cleanup: drop the table first, then its schema, then the catalog
w.tables.delete(full_name=table_full_name)
w.schemas.delete(full_name=created_schema.full_name)
w.catalogs.delete(name=created_catalog.name, force=True)

Gets the effective permissions for a securable. Includes inherited permissions from any parent securables.

NOTE: we recommend using max_results=0 to use the paginated version of this API. Unpaginated calls will be deprecated soon.

PAGINATION BEHAVIOR: When using pagination (max_results >= 0), a page may contain zero results while still providing a next_page_token. Clients must continue reading pages until next_page_token is absent, which is the only indication that the end of results has been reached.

Parameters:
  • securable_type – str Type of securable.

  • full_name – str Full name of securable.

  • max_results – int (optional) Specifies the maximum number of privileges to return (page length). Every EffectivePrivilegeAssignment present in a single page response is guaranteed to contain all the effective privileges granted on (or inherited by) the requested Securable for the respective principal.

    If not set, all the effective permissions are returned. If set to:

      - less than 0: invalid parameter error
      - 0: page length is set to a server configured value
      - less than 150 but greater than 0: invalid parameter error (this is to ensure that the server is able to return at least one complete EffectivePrivilegeAssignment in a single page response)
      - greater than (or equal to) 150: page length is the minimum of this value and a server configured value

  • page_token – str (optional) Opaque token for the next page of results (pagination).

  • principal – str (optional) If provided, only the effective permissions for the specified principal (user or group) are returned.

Returns:

EffectivePermissionsList
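Added example (not part of the SDK documentation): a read-only audit helper that drains both get and get_effective with the paging loop required by the two PAGINATION BEHAVIOR notes above, then reports the privileges each principal holds on a securable only through inheritance. The attributes privilege_assignments, next_page_token, principal, privileges and privilege are the SDK's response dataclass fields; paged_stub, fake_w and the sample principals and table name are constructed so the block runs offline.

```python
from types import SimpleNamespace as NS

def all_pages(fetch, **kwargs):
    """Drain w.grants.get or w.grants.get_effective across every page."""
    assignments, token = [], None
    while True:
        page = fetch(max_results=0, page_token=token, **kwargs)
        assignments.extend(page.privilege_assignments or [])  # may be an empty page
        token = page.next_page_token
        if not token:  # an absent token is the only end-of-results signal
            return assignments

def name(p):
    """Normalise a privilege given as an enum member or a plain string."""
    return getattr(p, "value", p)

def inherited_only(w, securable_type, full_name):
    """Return {principal: [privileges held only through a parent securable]}."""
    target = dict(securable_type=securable_type, full_name=full_name)
    direct = {}
    for a in all_pages(w.grants.get, **target):
        direct.setdefault(a.principal, set()).update(name(p) for p in a.privileges or [])
    report = {}
    for a in all_pages(w.grants.get_effective, **target):
        effective = {name(e.privilege) for e in a.privileges or []}
        extra = effective - direct.get(a.principal, set())
        if extra:
            report[a.principal] = sorted(extra)
    return report

def paged_stub(pages):
    """Constructed stand-in for a grants call: the page index doubles as the token."""
    def fetch(securable_type, full_name, max_results=None, page_token=None):
        i = int(page_token or 0)
        token = str(i + 1) if i + 1 < len(pages) else None
        return NS(privilege_assignments=pages[i], next_page_token=token)
    return fetch

# Constructed sample data; principals and table name are hypothetical.
fake_w = NS(grants=NS(
    get=paged_stub([[], [NS(principal="data-eng", privileges=["SELECT"])]]),
    get_effective=paged_stub([
        [NS(principal="data-eng", privileges=[NS(privilege="SELECT"), NS(privilege="MODIFY")])],
        [],  # empty page that still carries a next_page_token
        [NS(principal="analysts", privileges=[NS(privilege="SELECT")])],
    ]),
))
print(inherited_only(fake_w, "TABLE", "main.sales.orders"))
```

Against a real workspace, pass a WorkspaceClient in place of fake_w; a principal that appears in the report has access that revoking the table-level grant alone will not remove.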

update(securable_type: str, full_name: str [, changes: Optional[List[PermissionsChange]]]) UpdatePermissionsResponse

Usage:

import os
import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

table_name = f"sdk-{time.time_ns()}"

created_catalog = w.catalogs.create(name=f"sdk-{time.time_ns()}")

created_schema = w.schemas.create(name=f"sdk-{time.time_ns()}", catalog_name=created_catalog.name)

_ = w.statement_execution.execute(
    warehouse_id=os.environ["TEST_DEFAULT_WAREHOUSE_ID"],
    catalog=created_catalog.name,
    schema=created_schema.name,
    statement="CREATE TABLE %s AS SELECT 2+2 as four" % (table_name),
).result()

table_full_name = "%s.%s.%s" % (
    created_catalog.name,
    created_schema.name,
    table_name,
)

account_level_group_name = os.environ["TEST_DATA_ENG_GROUP"]

created_table = w.tables.get(full_name=table_full_name)

x = w.grants.update(
    full_name=created_table.full_name,
    securable_type=catalog.SecurableType.TABLE,
    changes=[
        catalog.PermissionsChange(
            add=[catalog.Privilege.MODIFY, catalog.Privilege.SELECT],
            principal=account_level_group_name,
        )
    ],
)

# cleanup: drop the table first, then its schema, then the catalog
w.tables.delete(full_name=table_full_name)
w.schemas.delete(full_name=created_schema.full_name)
w.catalogs.delete(name=created_catalog.name, force=True)

Updates the permissions for a securable.

Parameters:
  • securable_type – str Type of securable.

  • full_name – str Full name of securable.

  • changes – List[PermissionsChange] (optional) Array of permissions change objects.

Returns:

UpdatePermissionsResponse