grants command group

The grants command group within the Databricks CLI allows you to manage grants. In Unity Catalog, data is secure by default. Initially, users have no access to data in a metastore. Access can be granted by either a metastore admin, the owner of an object, or the owner of the catalog or schema that contains the object. See Show, grant, and revoke privileges.

databricks grants get

Get the permissions for a securable. Does not include inherited permissions.

databricks grants get SECURABLE_TYPE FULL_NAME [flags]

Arguments

SECURABLE_TYPE

    Type of securable.

FULL_NAME

    Full name of securable.

Options

--max-results int

    Specifies the maximum number of privileges to return (page length).

--page-token string

    Opaque pagination token to go to next page based on previous query.

--principal string

    If provided, only the permissions for the specified principal (user or group) are returned.

Global flags

Examples

The following example gets permissions for a catalog:

databricks grants get catalog my_catalog

The following example gets permissions for a specific principal:

databricks grants get catalog my_catalog --principal someone@example.com

The following example gets permissions with pagination:

databricks grants get table my_catalog.my_schema.my_table --max-results 10

databricks grants get-effective

Get the effective permissions for a securable. Includes inherited permissions from any parent securables.

databricks grants get-effective SECURABLE_TYPE FULL_NAME [flags]

Arguments

SECURABLE_TYPE

    Type of securable.

FULL_NAME

    Full name of securable.

Options

--max-results int

    Specifies the maximum number of privileges to return (page length).

--page-token string

    Opaque token for the next page of results (pagination).

--principal string

    If provided, only the effective permissions for the specified principal (user or group) are returned.

Global flags

Examples

The following example gets effective permissions for a table:

databricks grants get-effective table my_catalog.my_schema.my_table

The following example gets effective permissions for a specific principal:

databricks grants get-effective schema my_catalog.my_schema --principal someone@example.com

The following example gets effective permissions with pagination:

databricks grants get-effective catalog my_catalog --max-results 20 --page-token abc123

databricks grants update

Update the permissions for a securable.

databricks grants update SECURABLE_TYPE FULL_NAME [flags]

Arguments

SECURABLE_TYPE

    Type of securable.

FULL_NAME

    Full name of securable.

Options

--json JSON

    The inline JSON string or the @path to the JSON file with the request body.

Global flags

Examples

The following example updates permissions using a JSON file:

databricks grants update catalog my_catalog --json @permissions.json

Global flags

--debug

  Whether to enable debug logging.

-h or --help

    Display help for the Databricks CLI or the related command group or the related command.

--log-file string

    A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.

--log-format format

    The log format type, text or json. The default value is text.

--log-level string

    A string representing the log format level. If not specified then the log format level is disabled.

-o, --output type

    The command output type, text or json. The default value is text.

-p, --profile string

    The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.

--progress-format format

    The format to display progress logs: default, append, inplace, or json

-t, --target string

    If applicable, the bundle target to use