A new data engineering team has been assigned to work on a project. The team will need access to database customers in order to see what tables already exist. The team has its own group team.
Which of the following commands can be used to grant the necessary permission on the entire database to the new team?
The GRANT USAGE ON DATABASE command grants the USAGE privilege on the specified database to the specified group. The USAGE privilege allows the group to see the tables that exist in the database, but it does not allow them to do anything else with the database. This matches the requirement for the new data engineering team to see what tables already exist in the database. Therefore, the correct command to grant the necessary permission is GRANT USAGE ON DATABASE customers TO team.
E is the correct answer.
GRANT USAGE, answer E is correct. I dont see such privilage as GRANT VIEW https://docs.databricks.com/en/sql/language-manual/sql-ref-privileges.html#privilege-types
Customers is a Database and not a catalog. The three-space naming convention has Catalog at the top level(catalog.database(schema).table). So granting a usage on catalog will expose other objects.
E. It can NOT be A. You can GRANT SELECT, but you cannot GRANT VIEW. VIEW is a securable OBJECT and not a PRIVILEGE TYPE, so you cannot grant it. See also https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/manage-privileges/privileges
It's A....I got 100% on the Data Governance section...it's A
There is no such thing as GRANT VIEW, so A is not a valid option
SOURCE : https://docs.databricks.com/en/sql/language-manual/security-grant.html The perfect answer would be : GRANT SHOW METADATA ON DATABASE customers TO team But because, it is not suggested, we need to find an impertect answer allowing listing tables on database customers for project team's group : team A. GRANT VIEW ON CATALOG customers TO team -- Incorrect : "GRANT VIEW" does not exist B. GRANT CREATE ON DATABASE customers TO team -- Correct : only possible answer by elimitation. C. GRANT USAGE ON CATALOG team TO customers -- Incorrect : "GRANT USAGE" does not allow listing tables D. GRANT CREATE ON DATABASE team TO customers -- Incorrect : "team" and "customers" are inverted E. GRANT USAGE ON DATABASE customers TO team -- Incorrect : "GRANT USAGE" does not allow listing tables
In addition to what was typed previously, I'm adding an extra source : https://docs.databricks.com/en/data-governance/table-acls/object-privileges.html#usage-privilege So correct syntax for what I previously wrote is : GRANT SHOW READ_METADATA ON DATABASE customers TO team and not : GRANT SHOW METADATA ON DATABASE customers TO team
The correct answer is E. GRANT ALL PRIVILEGES ON DATABASE customers TO team; The GRANT statement is used to grant privileges on a database, table, or view to a user or role. The ALL PRIVILEGES option grants all possible privileges on the specified object, such as CREATE, SELECT, MODIFY, and USAGE. The syntax of the GRANT statement is: GRANT privilege_type ON object TO user_or_role; Therefore, to grant full permissions on the database customers to the new data engineering team, the command should be: GRANT ALL PRIVILEGES ON DATABASE customers TO team; Option A is incorrect because it only grants the USAGE privilege, which allows the team to access the database but not to create or modify any tables or views in it.
The correct is GRANT both "USAGE" and "SELECT" on DATABASE CUSTOMERS TO TEAMS
Think the Answer is E. The privilege types are CREATE, MODIFY, READ_METADATA, SELECT and USAGE. There is no such thing as GRANT VIEW. (it can however be GRANT <p-type> ON VIEW TO <team>). For our use case we want to GRANT USAGE for reading the Database. C has wrong syntax.
https://learn.microsoft.com/en-us/azure/databricks/sql/language-manual/sql-ref-privileges-hms In this link you can see that E is the correct answer, as there is no `VIEW` previlage, basically view previlage is `SELECT` preveliage. Then why will we have a VIEW previlage?, just think on process of elimination as well when answering such questions.
E is correct
The question is asking "The team will need access to database customers in order to see what tables already exist." The presumption is, hoever, the team already has usage privilege on the catalog containing the database.
Option A, "GRANT VIEW ON CATALOG customers TO team," grants the privilege to view the catalog but not access the database's tables, so it might not fulfill the requirement of seeing the existing tables in the database. So answer is E
A. GRANT VIEW ON CATALOG customers TO team; To grant the new data engineering team the necessary permission to view the tables that exist in the "customers" database, you can use the GRANT VIEW ON CATALOG command as shown in option A. This command allows the team to see the metadata and information about the tables in the specified catalog or database, which is what you want in this case. Option B grants the CREATE privilege on the "customers" database to the team, which is not necessary for simply viewing existing tables. Option C and Option D have the syntax reversed, attempting to grant permissions from the team to the "customers" database, which is not the desired action. Option E grants USAGE privilege on the "customers" database to the team, which allows them to use the database but may not provide the necessary view permissions to see existing tables.
E The GRANT USAGE ON DATABASE command grants the USAGE privilege on the specified database to the specified group. The USAGE privilege allows the group to see the tables that exist in the database, but it does not allow them to do anything else with the database. The other commands are incorrect. The GRANT VIEW ON CATALOG command grants the VIEW privilege on the specified catalog to the specified group. The CREATE privilege allows the group to create new tables in the database. The USAGE privilege on the CATALOG does not exist.
e is the right answer
option A is correct . Question says that "The team will need access to database customers in order to see what tables already exist" this looks like they need view access