数据访问控制Data access control

重要

此功能目前以公共预览版提供。This feature is in Public Preview. 请联系 Azure Databricks 代表,以申请访问权限。Contact your Azure Databricks representative to request access.

本文介绍了使用 Azure Databricks 数据访问控制 SQL 语句可以管理的权限数据对象所有者。This article describes the privileges data object owners can manage using Azure Databricks data access control SQL statements.

数据对象所有者应用 SQL GRANTDENYREVOKESHOW GRANT 命令来管理 用户和组对数据对象的访问。Data object owners apply the SQL GRANT, DENY, REVOKE, and SHOW GRANT commands to manage access to data objects from users and groups.

有关使用这些命令的详细信息,请参阅 数据对象特权For details on using these commands, see Data object privileges.

有关命令参考,请参阅 安全语句For a command reference, see Security statements.

示例Example

若要使用户能够完成 快速入门:运行和可视化查询,请指定以下权限:To enable a user to complete the Quickstart: Run and visualize a query, specify the following privileges:

REVOKE ALL PRIVILEGES ON DATABASE default FROM `user@example.com`;

GRANT USAGE ON DATABASE default TO `user@example.com`;

GRANT SELECT ON DATABASE default TO `user@example.com`;

GRANT READ_METADATA on DATABASE default TO `user@example.com`;

SHOW GRANT `user@example.com` ON DATABASE default;

+------------------+---------------+------------+-----------+
| principal        | ActionType    | ObjectType | ObjectKey |
+------------------+---------------+------------+-----------+
| user@example.com | READ_METADATA | DATABASE   | default   |
+------------------+---------------+------------+-----------+
| user@example.com | SELECT        | DATABASE   | default   |
+------------------+---------------+------------+-----------+
| user@example.com | USAGE         | DATABASE   | default   |
+------------------+---------------+------------+-----------+

在 Azure Databricks SQL Analytics 查询编辑器中运行这些命令时,应会看到:When you run these commands in the Azure Databricks SQL Analytics query editor, you should see:

显示授权Show grant