SQL Deny select doesnt work on databricks

Question

I have enables sql acl on our databrick cluster and I am trying to deny any slect on one table from my personal user using below commands

%sql
REVOKE ALL PRIVILEGES on database default from `myuser@org.com`;
REVOKE ALL PRIVILEGES on default.billingsilver from `myuser@org.com`;
deny SELECT ON ANY FILE to `myuser@org.com`;
deny select on database default to `myuser@org.com`;
deny select on default.billingsilver to `myuser@org.com`;
show grant on default.billingsilver;

The result of above is as follow:

But when I run below commands

%sql
select count(*) from default.billingsilver;

I still can get the count from above table while this should deny me from running the query.

Please noe that I have logged in using myuser@org.com which belongs to admins in the group folder. Can someone tell me why I still can get the count while I have denied all select on both database and the table?

score 0 · Answer 1 · edited Jul 11 '22 at 16:00

0

There is no ActionType OWN, in your privileges means the object does not have an owner.

To perform this GRANT, DENY (SQL operations) operations some privileges are required.

`DENY`: `OWN` on the object.

To perform this you should be the owner of the object, make sure you are the owner of the object.

Reference: Operations and privileges

edited Jul 11 '22 at 16:00

marc_s

732,580
175
1,330
1,459

answered May 26 '22 at 04:08

Pratik Lad

4,343
2
3
11

SQL Deny select doesnt work on databricks

1 Answers1