Docs Home
Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi
databricks.Grants
Explore with Pulumi AI
This article refers to the privileges and inheritance model in Privilege Model version 1.0. If you created your metastore during the public preview (before August 25, 2022), you can upgrade to Privilege Model version 1.0 following Upgrade to privilege inheritance
Most of Unity Catalog APIs are only accessible via workspace-level APIs. This design may change in the future. Account-level principal grants can be assigned with any valid workspace as the Unity Catalog is decoupled from specific workspaces. More information in the official documentation.
Two different resources help you manage your Unity Catalog grants for a securable. Each of these resources serves a different use case:
- databricks_grants: Authoritative. Sets the grants of a securable and replaces any existing grants defined inside or outside of Pulumi.
- databricks_grant: Authoritative for a given principal. Updates the grants of a securable to a single principal. Other principals within the grants for the securables are preserved.
In Unity Catalog all users initially have no access to data. Only Metastore Admins can create objects and can grant/revoke access on individual objects to users and groups. Every securable object in Unity Catalog has an owner. The owner can be any account-level user or group, called principals in general. The principal that creates an object becomes its owner. Owners receive ALL_PRIVILEGES on the securable object (e.g., SELECT and MODIFY on a table), as well as the permission to grant privileges to other principals.
Securable objects are hierarchical and privileges are inherited downward. The highest level object that privileges are inherited from is the catalog. This means that granting a privilege on a catalog or schema automatically grants the privilege to all current and future objects within the catalog or schema. Privileges that are granted on a metastore are not inherited.
Every databricks.Grants resource must have exactly one securable identifier and one or more grant blocks with the following arguments:
principal- User name, group name or service principal application ID.privileges- One or more privileges that are specific to a securable type.
For the latest list of privilege types that apply to each securable object in Unity Catalog, please refer to the official documentation
Pulumi will handle any configuration drift on every pulumi up run, even when grants are changed outside of Pulumi state.
Unlike the SQL specification, all privileges to be written with underscore instead of space, e.g. CREATE_TABLE and not CREATE TABLE. Below summarizes which privilege types apply to each securable object in the catalog:
Metastore grants
You can grant CREATE_CATALOG, CREATE_CONNECTION, CREATE_EXTERNAL_LOCATION, CREATE_PROVIDER, CREATE_RECIPIENT, CREATE_SHARE, CREATE_STORAGE_CREDENTIAL, MANAGE_ALLOWLIST, SET_SHARE_PERMISSION, USE_MARKETPLACE_ASSETS, USE_CONNECTION, USE_PROVIDER, USE_RECIPIENT and USE_SHARE privileges to databricks.Metastore assigned to the workspace.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const sandbox = new databricks.Grants("sandbox", {
metastore: "metastore_id",
grants: [
{
principal: "Data Engineers",
privileges: [
"CREATE_CATALOG",
"CREATE_EXTERNAL_LOCATION",
],
},
{
principal: "Data Sharer",
privileges: [
"CREATE_RECIPIENT",
"CREATE_SHARE",
],
},
],
});
import pulumi
import pulumi_databricks as databricks
sandbox = databricks.Grants("sandbox",
metastore="metastore_id",
grants=[
{
"principal": "Data Engineers",
"privileges": [
"CREATE_CATALOG",
"CREATE_EXTERNAL_LOCATION",
],
},
{
"principal": "Data Sharer",
"privileges": [
"CREATE_RECIPIENT",
"CREATE_SHARE",
],
},
])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewGrants(ctx, "sandbox", &databricks.GrantsArgs{
Metastore: pulumi.String("metastore_id"),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_CATALOG"),
pulumi.String("CREATE_EXTERNAL_LOCATION"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Sharer"),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_RECIPIENT"),
pulumi.String("CREATE_SHARE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var sandbox = new Databricks.Grants("sandbox", new()
{
Metastore = "metastore_id",
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"CREATE_CATALOG",
"CREATE_EXTERNAL_LOCATION",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Sharer",
Privileges = new[]
{
"CREATE_RECIPIENT",
"CREATE_SHARE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sandbox = new Grants("sandbox", GrantsArgs.builder()
.metastore("metastore_id")
.grants(
GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"CREATE_CATALOG",
"CREATE_EXTERNAL_LOCATION")
.build(),
GrantsGrantArgs.builder()
.principal("Data Sharer")
.privileges(
"CREATE_RECIPIENT",
"CREATE_SHARE")
.build())
.build());
}
}
resources:
sandbox:
type: databricks:Grants
properties:
metastore: metastore_id
grants:
- principal: Data Engineers
privileges:
- CREATE_CATALOG
- CREATE_EXTERNAL_LOCATION
- principal: Data Sharer
privileges:
- CREATE_RECIPIENT
- CREATE_SHARE
Catalog grants
You can grant ALL_PRIVILEGES, APPLY_TAG, CREATE_CONNECTION, CREATE_SCHEMA, USE_CATALOG privileges to databricks.Catalog specified in the catalog attribute. You can also grant CREATE_FUNCTION, CREATE_TABLE, CREATE_VOLUME, EXECUTE, MODIFY, REFRESH, SELECT, READ_VOLUME, WRITE_VOLUME and USE_SCHEMA at the catalog level to apply them to the pertinent current and future securable objects within the catalog:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const sandbox = new databricks.Catalog("sandbox", {
name: "sandbox",
comment: "this catalog is managed by terraform",
properties: {
purpose: "testing",
},
});
const sandboxGrants = new databricks.Grants("sandbox", {
catalog: sandbox.name,
grants: [
{
principal: "Data Scientists",
privileges: [
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_TABLE",
"SELECT",
],
},
{
principal: "Data Engineers",
privileges: [
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_SCHEMA",
"CREATE_TABLE",
"MODIFY",
],
},
{
principal: "Data Analyst",
privileges: [
"USE_CATALOG",
"USE_SCHEMA",
"SELECT",
],
},
],
});
import pulumi
import pulumi_databricks as databricks
sandbox = databricks.Catalog("sandbox",
name="sandbox",
comment="this catalog is managed by terraform",
properties={
"purpose": "testing",
})
sandbox_grants = databricks.Grants("sandbox",
catalog=sandbox.name,
grants=[
{
"principal": "Data Scientists",
"privileges": [
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_TABLE",
"SELECT",
],
},
{
"principal": "Data Engineers",
"privileges": [
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_SCHEMA",
"CREATE_TABLE",
"MODIFY",
],
},
{
"principal": "Data Analyst",
"privileges": [
"USE_CATALOG",
"USE_SCHEMA",
"SELECT",
],
},
])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
sandbox, err := databricks.NewCatalog(ctx, "sandbox", &databricks.CatalogArgs{
Name: pulumi.String("sandbox"),
Comment: pulumi.String("this catalog is managed by terraform"),
Properties: pulumi.StringMap{
"purpose": pulumi.String("testing"),
},
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "sandbox", &databricks.GrantsArgs{
Catalog: sandbox.Name,
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Scientists"),
Privileges: pulumi.StringArray{
pulumi.String("USE_CATALOG"),
pulumi.String("USE_SCHEMA"),
pulumi.String("CREATE_TABLE"),
pulumi.String("SELECT"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("USE_CATALOG"),
pulumi.String("USE_SCHEMA"),
pulumi.String("CREATE_SCHEMA"),
pulumi.String("CREATE_TABLE"),
pulumi.String("MODIFY"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Analyst"),
Privileges: pulumi.StringArray{
pulumi.String("USE_CATALOG"),
pulumi.String("USE_SCHEMA"),
pulumi.String("SELECT"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var sandbox = new Databricks.Catalog("sandbox", new()
{
Name = "sandbox",
Comment = "this catalog is managed by terraform",
Properties =
{
{ "purpose", "testing" },
},
});
var sandboxGrants = new Databricks.Grants("sandbox", new()
{
Catalog = sandbox.Name,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Scientists",
Privileges = new[]
{
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_TABLE",
"SELECT",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_SCHEMA",
"CREATE_TABLE",
"MODIFY",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Analyst",
Privileges = new[]
{
"USE_CATALOG",
"USE_SCHEMA",
"SELECT",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Catalog;
import com.pulumi.databricks.CatalogArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sandbox = new Catalog("sandbox", CatalogArgs.builder()
.name("sandbox")
.comment("this catalog is managed by terraform")
.properties(Map.of("purpose", "testing"))
.build());
var sandboxGrants = new Grants("sandboxGrants", GrantsArgs.builder()
.catalog(sandbox.name())
.grants(
GrantsGrantArgs.builder()
.principal("Data Scientists")
.privileges(
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_TABLE",
"SELECT")
.build(),
GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"USE_CATALOG",
"USE_SCHEMA",
"CREATE_SCHEMA",
"CREATE_TABLE",
"MODIFY")
.build(),
GrantsGrantArgs.builder()
.principal("Data Analyst")
.privileges(
"USE_CATALOG",
"USE_SCHEMA",
"SELECT")
.build())
.build());
}
}
resources:
sandbox:
type: databricks:Catalog
properties:
name: sandbox
comment: this catalog is managed by terraform
properties:
purpose: testing
sandboxGrants:
type: databricks:Grants
name: sandbox
properties:
catalog: ${sandbox.name}
grants:
- principal: Data Scientists
privileges:
- USE_CATALOG
- USE_SCHEMA
- CREATE_TABLE
- SELECT
- principal: Data Engineers
privileges:
- USE_CATALOG
- USE_SCHEMA
- CREATE_SCHEMA
- CREATE_TABLE
- MODIFY
- principal: Data Analyst
privileges:
- USE_CATALOG
- USE_SCHEMA
- SELECT
Schema grants
You can grant ALL_PRIVILEGES, APPLY_TAG, CREATE_FUNCTION, CREATE_TABLE, CREATE_VOLUME and USE_SCHEMA privileges to catalog.schema specified in the schema attribute. You can also grant EXECUTE, MODIFY, REFRESH, SELECT, READ_VOLUME, WRITE_VOLUME at the schema level to apply them to the pertinent current and future securable objects within the schema:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const things = new databricks.Schema("things", {
catalogName: sandbox.id,
name: "things",
comment: "this schema is managed by terraform",
properties: {
kind: "various",
},
});
const thingsGrants = new databricks.Grants("things", {
schema: things.id,
grants: [{
principal: "Data Engineers",
privileges: [
"USE_SCHEMA",
"MODIFY",
],
}],
});
import pulumi
import pulumi_databricks as databricks
things = databricks.Schema("things",
catalog_name=sandbox["id"],
name="things",
comment="this schema is managed by terraform",
properties={
"kind": "various",
})
things_grants = databricks.Grants("things",
schema=things.id,
grants=[{
"principal": "Data Engineers",
"privileges": [
"USE_SCHEMA",
"MODIFY",
],
}])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
things, err := databricks.NewSchema(ctx, "things", &databricks.SchemaArgs{
CatalogName: pulumi.Any(sandbox.Id),
Name: pulumi.String("things"),
Comment: pulumi.String("this schema is managed by terraform"),
Properties: pulumi.StringMap{
"kind": pulumi.String("various"),
},
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "things", &databricks.GrantsArgs{
Schema: things.ID(),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("USE_SCHEMA"),
pulumi.String("MODIFY"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var things = new Databricks.Schema("things", new()
{
CatalogName = sandbox.Id,
Name = "things",
Comment = "this schema is managed by terraform",
Properties =
{
{ "kind", "various" },
},
});
var thingsGrants = new Databricks.Grants("things", new()
{
Schema = things.Id,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"USE_SCHEMA",
"MODIFY",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Schema;
import com.pulumi.databricks.SchemaArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var things = new Schema("things", SchemaArgs.builder()
.catalogName(sandbox.id())
.name("things")
.comment("this schema is managed by terraform")
.properties(Map.of("kind", "various"))
.build());
var thingsGrants = new Grants("thingsGrants", GrantsArgs.builder()
.schema(things.id())
.grants(GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"USE_SCHEMA",
"MODIFY")
.build())
.build());
}
}
resources:
things:
type: databricks:Schema
properties:
catalogName: ${sandbox.id}
name: things
comment: this schema is managed by terraform
properties:
kind: various
thingsGrants:
type: databricks:Grants
name: things
properties:
schema: ${things.id}
grants:
- principal: Data Engineers
privileges:
- USE_SCHEMA
- MODIFY
Table grants
You can grant ALL_PRIVILEGES, APPLY_TAG, SELECT and MODIFY privileges to catalog.schema.table specified in the table attribute.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const customers = new databricks.Grants("customers", {
table: "main.reporting.customers",
grants: [
{
principal: "Data Engineers",
privileges: [
"MODIFY",
"SELECT",
],
},
{
principal: "Data Analysts",
privileges: ["SELECT"],
},
],
});
import pulumi
import pulumi_databricks as databricks
customers = databricks.Grants("customers",
table="main.reporting.customers",
grants=[
{
"principal": "Data Engineers",
"privileges": [
"MODIFY",
"SELECT",
],
},
{
"principal": "Data Analysts",
"privileges": ["SELECT"],
},
])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewGrants(ctx, "customers", &databricks.GrantsArgs{
Table: pulumi.String("main.reporting.customers"),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("MODIFY"),
pulumi.String("SELECT"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Analysts"),
Privileges: pulumi.StringArray{
pulumi.String("SELECT"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var customers = new Databricks.Grants("customers", new()
{
Table = "main.reporting.customers",
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"MODIFY",
"SELECT",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Analysts",
Privileges = new[]
{
"SELECT",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var customers = new Grants("customers", GrantsArgs.builder()
.table("main.reporting.customers")
.grants(
GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"MODIFY",
"SELECT")
.build(),
GrantsGrantArgs.builder()
.principal("Data Analysts")
.privileges("SELECT")
.build())
.build());
}
}
resources:
customers:
type: databricks:Grants
properties:
table: main.reporting.customers
grants:
- principal: Data Engineers
privileges:
- MODIFY
- SELECT
- principal: Data Analysts
privileges:
- SELECT
You can also apply grants dynamically with databricks.getTables data resource:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
export = async () => {
const things = await databricks.getTables({
catalogName: "sandbox",
schemaName: "things",
});
const thingsGrants: databricks.Grants[] = [];
for (const range of things.ids.map((v, k) => ({key: k, value: v}))) {
thingsGrants.push(new databricks.Grants(`things-${range.key}`, {
table: range.value,
grants: [{
principal: "sensitive",
privileges: [
"SELECT",
"MODIFY",
],
}],
}));
}
}
import pulumi
import pulumi_databricks as databricks
things = databricks.get_tables(catalog_name="sandbox",
schema_name="things")
things_grants = []
for range in [{"key": k, "value": v} for [k, v] in enumerate(things.ids)]:
things_grants.append(databricks.Grants(f"things-{range['key']}",
table=range["value"],
grants=[{
"principal": "sensitive",
"privileges": [
"SELECT",
"MODIFY",
],
}]))
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
things, err := databricks.GetTables(ctx, &databricks.GetTablesArgs{
CatalogName: "sandbox",
SchemaName: "things",
}, nil)
if err != nil {
return err
}
var thingsGrants []*databricks.Grants
for key0, val0 := range things.Ids {
__res, err := databricks.NewGrants(ctx, fmt.Sprintf("things-%v", key0), &databricks.GrantsArgs{
Table: pulumi.String(val0),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("sensitive"),
Privileges: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("MODIFY"),
},
},
},
})
if err != nil {
return err
}
thingsGrants = append(thingsGrants, __res)
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(async() =>
{
var things = await Databricks.GetTables.InvokeAsync(new()
{
CatalogName = "sandbox",
SchemaName = "things",
});
var thingsGrants = new List<Databricks.Grants>();
foreach (var range in )
{
thingsGrants.Add(new Databricks.Grants($"things-{range.Key}", new()
{
Table = range.Value,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "sensitive",
Privileges = new[]
{
"SELECT",
"MODIFY",
},
},
},
}));
}
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetTablesArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var things = DatabricksFunctions.getTables(GetTablesArgs.builder()
.catalogName("sandbox")
.schemaName("things")
.build());
final var thingsGrants = things.applyValue(getTablesResult -> {
final var resources = new ArrayList<Grants>();
for (var range : KeyedValue.of(getTablesResult.ids()) {
var resource = new Grants("thingsGrants-" + range.key(), GrantsArgs.builder()
.table(range.value())
.grants(GrantsGrantArgs.builder()
.principal("sensitive")
.privileges(
"SELECT",
"MODIFY")
.build())
.build());
resources.add(resource);
}
return resources;
});
}
}
resources:
thingsGrants:
type: databricks:Grants
name: things
properties:
table: ${range.value}
grants:
- principal: sensitive
privileges:
- SELECT
- MODIFY
options: {}
variables:
things:
fn::invoke:
Function: databricks:getTables
Arguments:
catalogName: sandbox
schemaName: things
View grants
You can grant ALL_PRIVILEGES, APPLY_TAG and SELECT privileges to catalog.schema.view specified in table attribute.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const customer360 = new databricks.Grants("customer360", {
table: "main.reporting.customer360",
grants: [{
principal: "Data Analysts",
privileges: ["SELECT"],
}],
});
import pulumi
import pulumi_databricks as databricks
customer360 = databricks.Grants("customer360",
table="main.reporting.customer360",
grants=[{
"principal": "Data Analysts",
"privileges": ["SELECT"],
}])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewGrants(ctx, "customer360", &databricks.GrantsArgs{
Table: pulumi.String("main.reporting.customer360"),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Analysts"),
Privileges: pulumi.StringArray{
pulumi.String("SELECT"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var customer360 = new Databricks.Grants("customer360", new()
{
Table = "main.reporting.customer360",
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Analysts",
Privileges = new[]
{
"SELECT",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var customer360 = new Grants("customer360", GrantsArgs.builder()
.table("main.reporting.customer360")
.grants(GrantsGrantArgs.builder()
.principal("Data Analysts")
.privileges("SELECT")
.build())
.build());
}
}
resources:
customer360:
type: databricks:Grants
properties:
table: main.reporting.customer360
grants:
- principal: Data Analysts
privileges:
- SELECT
You can also apply grants dynamically with databricks.getViews data resource:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
export = async () => {
const customers = await databricks.getViews({
catalogName: "main",
schemaName: "customers",
});
const customersGrants: databricks.Grants[] = [];
for (const range of customers.ids.map((v, k) => ({key: k, value: v}))) {
customersGrants.push(new databricks.Grants(`customers-${range.key}`, {
table: range.value,
grants: [{
principal: "sensitive",
privileges: [
"SELECT",
"MODIFY",
],
}],
}));
}
}
import pulumi
import pulumi_databricks as databricks
customers = databricks.get_views(catalog_name="main",
schema_name="customers")
customers_grants = []
for range in [{"key": k, "value": v} for [k, v] in enumerate(customers.ids)]:
customers_grants.append(databricks.Grants(f"customers-{range['key']}",
table=range["value"],
grants=[{
"principal": "sensitive",
"privileges": [
"SELECT",
"MODIFY",
],
}]))
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
customers, err := databricks.GetViews(ctx, &databricks.GetViewsArgs{
CatalogName: "main",
SchemaName: "customers",
}, nil)
if err != nil {
return err
}
var customersGrants []*databricks.Grants
for key0, val0 := range customers.Ids {
__res, err := databricks.NewGrants(ctx, fmt.Sprintf("customers-%v", key0), &databricks.GrantsArgs{
Table: pulumi.String(val0),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("sensitive"),
Privileges: pulumi.StringArray{
pulumi.String("SELECT"),
pulumi.String("MODIFY"),
},
},
},
})
if err != nil {
return err
}
customersGrants = append(customersGrants, __res)
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(async() =>
{
var customers = await Databricks.GetViews.InvokeAsync(new()
{
CatalogName = "main",
SchemaName = "customers",
});
var customersGrants = new List<Databricks.Grants>();
foreach (var range in )
{
customersGrants.Add(new Databricks.Grants($"customers-{range.Key}", new()
{
Table = range.Value,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "sensitive",
Privileges = new[]
{
"SELECT",
"MODIFY",
},
},
},
}));
}
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetViewsArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var customers = DatabricksFunctions.getViews(GetViewsArgs.builder()
.catalogName("main")
.schemaName("customers")
.build());
final var customersGrants = customers.applyValue(getViewsResult -> {
final var resources = new ArrayList<Grants>();
for (var range : KeyedValue.of(getViewsResult.ids()) {
var resource = new Grants("customersGrants-" + range.key(), GrantsArgs.builder()
.table(range.value())
.grants(GrantsGrantArgs.builder()
.principal("sensitive")
.privileges(
"SELECT",
"MODIFY")
.build())
.build());
resources.add(resource);
}
return resources;
});
}
}
resources:
customersGrants:
type: databricks:Grants
name: customers
properties:
table: ${range.value}
grants:
- principal: sensitive
privileges:
- SELECT
- MODIFY
options: {}
variables:
customers:
fn::invoke:
Function: databricks:getViews
Arguments:
catalogName: main
schemaName: customers
Volume grants
You can grant ALL_PRIVILEGES, READ_VOLUME and WRITE_VOLUME privileges to catalog.schema.volume specified in the volume attribute.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.Volume("this", {
name: "quickstart_volume",
catalogName: sandbox.name,
schemaName: things.name,
volumeType: "EXTERNAL",
storageLocation: some.url,
comment: "this volume is managed by terraform",
});
const volume = new databricks.Grants("volume", {
volume: _this.id,
grants: [{
principal: "Data Engineers",
privileges: ["WRITE_VOLUME"],
}],
});
import pulumi
import pulumi_databricks as databricks
this = databricks.Volume("this",
name="quickstart_volume",
catalog_name=sandbox["name"],
schema_name=things["name"],
volume_type="EXTERNAL",
storage_location=some["url"],
comment="this volume is managed by terraform")
volume = databricks.Grants("volume",
volume=this.id,
grants=[{
"principal": "Data Engineers",
"privileges": ["WRITE_VOLUME"],
}])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.NewVolume(ctx, "this", &databricks.VolumeArgs{
Name: pulumi.String("quickstart_volume"),
CatalogName: pulumi.Any(sandbox.Name),
SchemaName: pulumi.Any(things.Name),
VolumeType: pulumi.String("EXTERNAL"),
StorageLocation: pulumi.Any(some.Url),
Comment: pulumi.String("this volume is managed by terraform"),
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "volume", &databricks.GrantsArgs{
Volume: this.ID(),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("WRITE_VOLUME"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.Volume("this", new()
{
Name = "quickstart_volume",
CatalogName = sandbox.Name,
SchemaName = things.Name,
VolumeType = "EXTERNAL",
StorageLocation = some.Url,
Comment = "this volume is managed by terraform",
});
var volume = new Databricks.Grants("volume", new()
{
Volume = @this.Id,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"WRITE_VOLUME",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Volume;
import com.pulumi.databricks.VolumeArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new Volume("this", VolumeArgs.builder()
.name("quickstart_volume")
.catalogName(sandbox.name())
.schemaName(things.name())
.volumeType("EXTERNAL")
.storageLocation(some.url())
.comment("this volume is managed by terraform")
.build());
var volume = new Grants("volume", GrantsArgs.builder()
.volume(this_.id())
.grants(GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges("WRITE_VOLUME")
.build())
.build());
}
}
resources:
this:
type: databricks:Volume
properties:
name: quickstart_volume
catalogName: ${sandbox.name}
schemaName: ${things.name}
volumeType: EXTERNAL
storageLocation: ${some.url}
comment: this volume is managed by terraform
volume:
type: databricks:Grants
properties:
volume: ${this.id}
grants:
- principal: Data Engineers
privileges:
- WRITE_VOLUME
Registered model grants
You can grant ALL_PRIVILEGES, APPLY_TAG, and EXECUTE privileges to catalog.schema.model specified in the model attribute.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const customers = new databricks.Grants("customers", {
model: "main.reporting.customer_model",
grants: [
{
principal: "Data Engineers",
privileges: [
"APPLY_TAG",
"EXECUTE",
],
},
{
principal: "Data Analysts",
privileges: ["EXECUTE"],
},
],
});
import pulumi
import pulumi_databricks as databricks
customers = databricks.Grants("customers",
model="main.reporting.customer_model",
grants=[
{
"principal": "Data Engineers",
"privileges": [
"APPLY_TAG",
"EXECUTE",
],
},
{
"principal": "Data Analysts",
"privileges": ["EXECUTE"],
},
])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewGrants(ctx, "customers", &databricks.GrantsArgs{
Model: pulumi.String("main.reporting.customer_model"),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("APPLY_TAG"),
pulumi.String("EXECUTE"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Analysts"),
Privileges: pulumi.StringArray{
pulumi.String("EXECUTE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var customers = new Databricks.Grants("customers", new()
{
Model = "main.reporting.customer_model",
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"APPLY_TAG",
"EXECUTE",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Analysts",
Privileges = new[]
{
"EXECUTE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var customers = new Grants("customers", GrantsArgs.builder()
.model("main.reporting.customer_model")
.grants(
GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"APPLY_TAG",
"EXECUTE")
.build(),
GrantsGrantArgs.builder()
.principal("Data Analysts")
.privileges("EXECUTE")
.build())
.build());
}
}
resources:
customers:
type: databricks:Grants
properties:
model: main.reporting.customer_model
grants:
- principal: Data Engineers
privileges:
- APPLY_TAG
- EXECUTE
- principal: Data Analysts
privileges:
- EXECUTE
Function grants
You can grant ALL_PRIVILEGES and EXECUTE privileges to catalog.schema.function specified in the function attribute.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const udf = new databricks.Grants("udf", {
"function": "main.reporting.udf",
grants: [
{
principal: "Data Engineers",
privileges: ["EXECUTE"],
},
{
principal: "Data Analysts",
privileges: ["EXECUTE"],
},
],
});
import pulumi
import pulumi_databricks as databricks
udf = databricks.Grants("udf",
function="main.reporting.udf",
grants=[
{
"principal": "Data Engineers",
"privileges": ["EXECUTE"],
},
{
"principal": "Data Analysts",
"privileges": ["EXECUTE"],
},
])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewGrants(ctx, "udf", &databricks.GrantsArgs{
Function: pulumi.String("main.reporting.udf"),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("EXECUTE"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Analysts"),
Privileges: pulumi.StringArray{
pulumi.String("EXECUTE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var udf = new Databricks.Grants("udf", new()
{
Function = "main.reporting.udf",
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"EXECUTE",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Analysts",
Privileges = new[]
{
"EXECUTE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var udf = new Grants("udf", GrantsArgs.builder()
.function("main.reporting.udf")
.grants(
GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges("EXECUTE")
.build(),
GrantsGrantArgs.builder()
.principal("Data Analysts")
.privileges("EXECUTE")
.build())
.build());
}
}
resources:
udf:
type: databricks:Grants
properties:
function: main.reporting.udf
grants:
- principal: Data Engineers
privileges:
- EXECUTE
- principal: Data Analysts
privileges:
- EXECUTE
Storage credential grants
You can grant ALL_PRIVILEGES, CREATE_EXTERNAL_LOCATION, CREATE_EXTERNAL_TABLE, READ_FILES and WRITE_FILES privileges to databricks.StorageCredential id specified in storage_credential attribute:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const external = new databricks.StorageCredential("external", {
name: externalDataAccess.name,
awsIamRole: {
roleArn: externalDataAccess.arn,
},
comment: "Managed by TF",
});
const externalCreds = new databricks.Grants("external_creds", {
storageCredential: external.id,
grants: [{
principal: "Data Engineers",
privileges: ["CREATE_EXTERNAL_TABLE"],
}],
});
import pulumi
import pulumi_databricks as databricks
external = databricks.StorageCredential("external",
name=external_data_access["name"],
aws_iam_role={
"role_arn": external_data_access["arn"],
},
comment="Managed by TF")
external_creds = databricks.Grants("external_creds",
storage_credential=external.id,
grants=[{
"principal": "Data Engineers",
"privileges": ["CREATE_EXTERNAL_TABLE"],
}])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
external, err := databricks.NewStorageCredential(ctx, "external", &databricks.StorageCredentialArgs{
Name: pulumi.Any(externalDataAccess.Name),
AwsIamRole: &databricks.StorageCredentialAwsIamRoleArgs{
RoleArn: pulumi.Any(externalDataAccess.Arn),
},
Comment: pulumi.String("Managed by TF"),
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "external_creds", &databricks.GrantsArgs{
StorageCredential: external.ID(),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_EXTERNAL_TABLE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var external = new Databricks.StorageCredential("external", new()
{
Name = externalDataAccess.Name,
AwsIamRole = new Databricks.Inputs.StorageCredentialAwsIamRoleArgs
{
RoleArn = externalDataAccess.Arn,
},
Comment = "Managed by TF",
});
var externalCreds = new Databricks.Grants("external_creds", new()
{
StorageCredential = external.Id,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"CREATE_EXTERNAL_TABLE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.StorageCredential;
import com.pulumi.databricks.StorageCredentialArgs;
import com.pulumi.databricks.inputs.StorageCredentialAwsIamRoleArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var external = new StorageCredential("external", StorageCredentialArgs.builder()
.name(externalDataAccess.name())
.awsIamRole(StorageCredentialAwsIamRoleArgs.builder()
.roleArn(externalDataAccess.arn())
.build())
.comment("Managed by TF")
.build());
var externalCreds = new Grants("externalCreds", GrantsArgs.builder()
.storageCredential(external.id())
.grants(GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges("CREATE_EXTERNAL_TABLE")
.build())
.build());
}
}
resources:
external:
type: databricks:StorageCredential
properties:
name: ${externalDataAccess.name}
awsIamRole:
roleArn: ${externalDataAccess.arn}
comment: Managed by TF
externalCreds:
type: databricks:Grants
name: external_creds
properties:
storageCredential: ${external.id}
grants:
- principal: Data Engineers
privileges:
- CREATE_EXTERNAL_TABLE
External location grants
You can grant ALL_PRIVILEGES, CREATE_EXTERNAL_TABLE, CREATE_MANAGED_STORAGE, CREATE EXTERNAL VOLUME, READ_FILES and WRITE_FILES privileges to databricks.ExternalLocation id specified in external_location attribute:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const some = new databricks.ExternalLocation("some", {
name: "external",
url: `s3://${externalAwsS3Bucket.id}/some`,
credentialName: external.id,
comment: "Managed by TF",
});
const someGrants = new databricks.Grants("some", {
externalLocation: some.id,
grants: [
{
principal: "Data Engineers",
privileges: [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
{
principal: mySp.applicationId,
privileges: [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
{
principal: myGroup.displayName,
privileges: [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
{
principal: myUser.userName,
privileges: [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
],
});
import pulumi
import pulumi_databricks as databricks
some = databricks.ExternalLocation("some",
name="external",
url=f"s3://{external_aws_s3_bucket['id']}/some",
credential_name=external["id"],
comment="Managed by TF")
some_grants = databricks.Grants("some",
external_location=some.id,
grants=[
{
"principal": "Data Engineers",
"privileges": [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
{
"principal": my_sp["applicationId"],
"privileges": [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
{
"principal": my_group["displayName"],
"privileges": [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
{
"principal": my_user["userName"],
"privileges": [
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
],
},
])
package main
import (
"fmt"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
some, err := databricks.NewExternalLocation(ctx, "some", &databricks.ExternalLocationArgs{
Name: pulumi.String("external"),
Url: pulumi.Sprintf("s3://%v/some", externalAwsS3Bucket.Id),
CredentialName: pulumi.Any(external.Id),
Comment: pulumi.String("Managed by TF"),
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "some", &databricks.GrantsArgs{
ExternalLocation: some.ID(),
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_EXTERNAL_TABLE"),
pulumi.String("READ_FILES"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.Any(mySp.ApplicationId),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_EXTERNAL_TABLE"),
pulumi.String("READ_FILES"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.Any(myGroup.DisplayName),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_EXTERNAL_TABLE"),
pulumi.String("READ_FILES"),
},
},
&databricks.GrantsGrantArgs{
Principal: pulumi.Any(myUser.UserName),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_EXTERNAL_TABLE"),
pulumi.String("READ_FILES"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var some = new Databricks.ExternalLocation("some", new()
{
Name = "external",
Url = $"s3://{externalAwsS3Bucket.Id}/some",
CredentialName = external.Id,
Comment = "Managed by TF",
});
var someGrants = new Databricks.Grants("some", new()
{
ExternalLocation = some.Id,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = mySp.ApplicationId,
Privileges = new[]
{
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = myGroup.DisplayName,
Privileges = new[]
{
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
},
},
new Databricks.Inputs.GrantsGrantArgs
{
Principal = myUser.UserName,
Privileges = new[]
{
"CREATE_EXTERNAL_TABLE",
"READ_FILES",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.ExternalLocation;
import com.pulumi.databricks.ExternalLocationArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var some = new ExternalLocation("some", ExternalLocationArgs.builder()
.name("external")
.url(String.format("s3://%s/some", externalAwsS3Bucket.id()))
.credentialName(external.id())
.comment("Managed by TF")
.build());
var someGrants = new Grants("someGrants", GrantsArgs.builder()
.externalLocation(some.id())
.grants(
GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"CREATE_EXTERNAL_TABLE",
"READ_FILES")
.build(),
GrantsGrantArgs.builder()
.principal(mySp.applicationId())
.privileges(
"CREATE_EXTERNAL_TABLE",
"READ_FILES")
.build(),
GrantsGrantArgs.builder()
.principal(myGroup.displayName())
.privileges(
"CREATE_EXTERNAL_TABLE",
"READ_FILES")
.build(),
GrantsGrantArgs.builder()
.principal(myUser.userName())
.privileges(
"CREATE_EXTERNAL_TABLE",
"READ_FILES")
.build())
.build());
}
}
resources:
some:
type: databricks:ExternalLocation
properties:
name: external
url: s3://${externalAwsS3Bucket.id}/some
credentialName: ${external.id}
comment: Managed by TF
someGrants:
type: databricks:Grants
name: some
properties:
externalLocation: ${some.id}
grants:
- principal: Data Engineers
privileges:
- CREATE_EXTERNAL_TABLE
- READ_FILES
- principal: ${mySp.applicationId}
privileges:
- CREATE_EXTERNAL_TABLE
- READ_FILES
- principal: ${myGroup.displayName}
privileges:
- CREATE_EXTERNAL_TABLE
- READ_FILES
- principal: ${myUser.userName}
privileges:
- CREATE_EXTERNAL_TABLE
- READ_FILES
Connection grants
You can grant ALL_PRIVILEGES, USE_CONNECTION and CREATE_FOREIGN_CATALOG to databricks.Connection specified in foreign_connection attribute:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const mysql = new databricks.Connection("mysql", {
name: "mysql_connection",
connectionType: "MYSQL",
comment: "this is a connection to mysql db",
options: {
host: "test.mysql.database.azure.com",
port: "3306",
user: "user",
password: "password",
},
properties: {
purpose: "testing",
},
});
const some = new databricks.Grants("some", {
foreignConnection: mysql.name,
grants: [{
principal: "Data Engineers",
privileges: [
"CREATE_FOREIGN_CATALOG",
"USE_CONNECTION",
],
}],
});
import pulumi
import pulumi_databricks as databricks
mysql = databricks.Connection("mysql",
name="mysql_connection",
connection_type="MYSQL",
comment="this is a connection to mysql db",
options={
"host": "test.mysql.database.azure.com",
"port": "3306",
"user": "user",
"password": "password",
},
properties={
"purpose": "testing",
})
some = databricks.Grants("some",
foreign_connection=mysql.name,
grants=[{
"principal": "Data Engineers",
"privileges": [
"CREATE_FOREIGN_CATALOG",
"USE_CONNECTION",
],
}])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mysql, err := databricks.NewConnection(ctx, "mysql", &databricks.ConnectionArgs{
Name: pulumi.String("mysql_connection"),
ConnectionType: pulumi.String("MYSQL"),
Comment: pulumi.String("this is a connection to mysql db"),
Options: pulumi.StringMap{
"host": pulumi.String("test.mysql.database.azure.com"),
"port": pulumi.String("3306"),
"user": pulumi.String("user"),
"password": pulumi.String("password"),
},
Properties: pulumi.StringMap{
"purpose": pulumi.String("testing"),
},
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "some", &databricks.GrantsArgs{
ForeignConnection: mysql.Name,
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("Data Engineers"),
Privileges: pulumi.StringArray{
pulumi.String("CREATE_FOREIGN_CATALOG"),
pulumi.String("USE_CONNECTION"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var mysql = new Databricks.Connection("mysql", new()
{
Name = "mysql_connection",
ConnectionType = "MYSQL",
Comment = "this is a connection to mysql db",
Options =
{
{ "host", "test.mysql.database.azure.com" },
{ "port", "3306" },
{ "user", "user" },
{ "password", "password" },
},
Properties =
{
{ "purpose", "testing" },
},
});
var some = new Databricks.Grants("some", new()
{
ForeignConnection = mysql.Name,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "Data Engineers",
Privileges = new[]
{
"CREATE_FOREIGN_CATALOG",
"USE_CONNECTION",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Connection;
import com.pulumi.databricks.ConnectionArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var mysql = new Connection("mysql", ConnectionArgs.builder()
.name("mysql_connection")
.connectionType("MYSQL")
.comment("this is a connection to mysql db")
.options(Map.ofEntries(
Map.entry("host", "test.mysql.database.azure.com"),
Map.entry("port", "3306"),
Map.entry("user", "user"),
Map.entry("password", "password")
))
.properties(Map.of("purpose", "testing"))
.build());
var some = new Grants("some", GrantsArgs.builder()
.foreignConnection(mysql.name())
.grants(GrantsGrantArgs.builder()
.principal("Data Engineers")
.privileges(
"CREATE_FOREIGN_CATALOG",
"USE_CONNECTION")
.build())
.build());
}
}
resources:
mysql:
type: databricks:Connection
properties:
name: mysql_connection
connectionType: MYSQL
comment: this is a connection to mysql db
options:
host: test.mysql.database.azure.com
port: '3306'
user: user
password: password
properties:
purpose: testing
some:
type: databricks:Grants
properties:
foreignConnection: ${mysql.name}
grants:
- principal: Data Engineers
privileges:
- CREATE_FOREIGN_CATALOG
- USE_CONNECTION
Delta Sharing share grants
You can grant SELECT to databricks.Recipient on databricks.Share name specified in share attribute:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const some = new databricks.Share("some", {name: "my_share"});
const someRecipient = new databricks.Recipient("some", {name: "my_recipient"});
const someGrants = new databricks.Grants("some", {
share: some.name,
grants: [{
principal: someRecipient.name,
privileges: ["SELECT"],
}],
});
import pulumi
import pulumi_databricks as databricks
some = databricks.Share("some", name="my_share")
some_recipient = databricks.Recipient("some", name="my_recipient")
some_grants = databricks.Grants("some",
share=some.name,
grants=[{
"principal": some_recipient.name,
"privileges": ["SELECT"],
}])
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
some, err := databricks.NewShare(ctx, "some", &databricks.ShareArgs{
Name: pulumi.String("my_share"),
})
if err != nil {
return err
}
someRecipient, err := databricks.NewRecipient(ctx, "some", &databricks.RecipientArgs{
Name: pulumi.String("my_recipient"),
})
if err != nil {
return err
}
_, err = databricks.NewGrants(ctx, "some", &databricks.GrantsArgs{
Share: some.Name,
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: someRecipient.Name,
Privileges: pulumi.StringArray{
pulumi.String("SELECT"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var some = new Databricks.Share("some", new()
{
Name = "my_share",
});
var someRecipient = new Databricks.Recipient("some", new()
{
Name = "my_recipient",
});
var someGrants = new Databricks.Grants("some", new()
{
Share = some.Name,
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = someRecipient.Name,
Privileges = new[]
{
"SELECT",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Share;
import com.pulumi.databricks.ShareArgs;
import com.pulumi.databricks.Recipient;
import com.pulumi.databricks.RecipientArgs;
import com.pulumi.databricks.Grants;
import com.pulumi.databricks.GrantsArgs;
import com.pulumi.databricks.inputs.GrantsGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var some = new Share("some", ShareArgs.builder()
.name("my_share")
.build());
var someRecipient = new Recipient("someRecipient", RecipientArgs.builder()
.name("my_recipient")
.build());
var someGrants = new Grants("someGrants", GrantsArgs.builder()
.share(some.name())
.grants(GrantsGrantArgs.builder()
.principal(someRecipient.name())
.privileges("SELECT")
.build())
.build());
}
}
resources:
some:
type: databricks:Share
properties:
name: my_share
someRecipient:
type: databricks:Recipient
name: some
properties:
name: my_recipient
someGrants:
type: databricks:Grants
name: some
properties:
share: ${some.name}
grants:
- principal: ${someRecipient.name}
privileges:
- SELECT
Other access control
You can control Databricks General Permissions through databricks.Permissions resource.
Create Grants Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Grants(name: string, args: GrantsArgs, opts?: CustomResourceOptions);@overload
def Grants(resource_name: str,
args: GrantsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Grants(resource_name: str,
opts: Optional[ResourceOptions] = None,
grants: Optional[Sequence[GrantsGrantArgs]] = None,
model: Optional[str] = None,
foreign_connection: Optional[str] = None,
function: Optional[str] = None,
external_location: Optional[str] = None,
metastore: Optional[str] = None,
catalog: Optional[str] = None,
pipeline: Optional[str] = None,
recipient: Optional[str] = None,
schema: Optional[str] = None,
share: Optional[str] = None,
storage_credential: Optional[str] = None,
table: Optional[str] = None,
volume: Optional[str] = None)func NewGrants(ctx *Context, name string, args GrantsArgs, opts ...ResourceOption) (*Grants, error)public Grants(string name, GrantsArgs args, CustomResourceOptions? opts = null)
public Grants(String name, GrantsArgs args)
public Grants(String name, GrantsArgs args, CustomResourceOptions options)
type: databricks:Grants
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GrantsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GrantsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GrantsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GrantsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GrantsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var grantsResource = new Databricks.Grants("grantsResource", new()
{
GrantDetails = new[]
{
new Databricks.Inputs.GrantsGrantArgs
{
Principal = "string",
Privileges = new[]
{
"string",
},
},
},
Model = "string",
ForeignConnection = "string",
Function = "string",
ExternalLocation = "string",
Metastore = "string",
Catalog = "string",
Pipeline = "string",
Recipient = "string",
Schema = "string",
Share = "string",
StorageCredential = "string",
Table = "string",
Volume = "string",
});
example, err := databricks.NewGrants(ctx, "grantsResource", &databricks.GrantsArgs{
Grants: databricks.GrantsGrantArray{
&databricks.GrantsGrantArgs{
Principal: pulumi.String("string"),
Privileges: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Model: pulumi.String("string"),
ForeignConnection: pulumi.String("string"),
Function: pulumi.String("string"),
ExternalLocation: pulumi.String("string"),
Metastore: pulumi.String("string"),
Catalog: pulumi.String("string"),
Pipeline: pulumi.String("string"),
Recipient: pulumi.String("string"),
Schema: pulumi.String("string"),
Share: pulumi.String("string"),
StorageCredential: pulumi.String("string"),
Table: pulumi.String("string"),
Volume: pulumi.String("string"),
})
var grantsResource = new Grants("grantsResource", GrantsArgs.builder()
.grants(GrantsGrantArgs.builder()
.principal("string")
.privileges("string")
.build())
.model("string")
.foreignConnection("string")
.function("string")
.externalLocation("string")
.metastore("string")
.catalog("string")
.pipeline("string")
.recipient("string")
.schema("string")
.share("string")
.storageCredential("string")
.table("string")
.volume("string")
.build());
grants_resource = databricks.Grants("grantsResource",
grants=[{
"principal": "string",
"privileges": ["string"],
}],
model="string",
foreign_connection="string",
function="string",
external_location="string",
metastore="string",
catalog="string",
pipeline="string",
recipient="string",
schema="string",
share="string",
storage_credential="string",
table="string",
volume="string")
const grantsResource = new databricks.Grants("grantsResource", {
grants: [{
principal: "string",
privileges: ["string"],
}],
model: "string",
foreignConnection: "string",
"function": "string",
externalLocation: "string",
metastore: "string",
catalog: "string",
pipeline: "string",
recipient: "string",
schema: "string",
share: "string",
storageCredential: "string",
table: "string",
volume: "string",
});
type: databricks:Grants
properties:
catalog: string
externalLocation: string
foreignConnection: string
function: string
grants:
- principal: string
privileges:
- string
metastore: string
model: string
pipeline: string
recipient: string
schema: string
share: string
storageCredential: string
table: string
volume: string
Grants Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Grants resource accepts the following input properties:
- Grant
Details List<GrantsGrant> - Catalog string
- External
Location string - Foreign
Connection string - Function string
- Metastore string
- Model string
- Pipeline string
- Recipient string
- Schema string
- string
- Storage
Credential string - Table string
- Volume string
- Grants
[]Grants
Grant Args - Catalog string
- External
Location string - Foreign
Connection string - Function string
- Metastore string
- Model string
- Pipeline string
- Recipient string
- Schema string
- string
- Storage
Credential string - Table string
- Volume string
- grants
List<Grants
Grant> - catalog String
- external
Location String - foreign
Connection String - function String
- metastore String
- model String
- pipeline String
- recipient String
- schema String
- String
- storage
Credential String - table String
- volume String
- grants
Grants
Grant[] - catalog string
- external
Location string - foreign
Connection string - function string
- metastore string
- model string
- pipeline string
- recipient string
- schema string
- string
- storage
Credential string - table string
- volume string
- grants
Sequence[Grants
Grant Args] - catalog str
- external_
location str - foreign_
connection str - function str
- metastore str
- model str
- pipeline str
- recipient str
- schema str
- str
- storage_
credential str - table str
- volume str
- grants List<Property Map>
- catalog String
- external
Location String - foreign
Connection String - function String
- metastore String
- model String
- pipeline String
- recipient String
- schema String
- String
- storage
Credential String - table String
- volume String
Outputs
All input properties are implicitly available as output properties. Additionally, the Grants resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Grants Resource
Get an existing Grants resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GrantsState, opts?: CustomResourceOptions): Grants@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
catalog: Optional[str] = None,
external_location: Optional[str] = None,
foreign_connection: Optional[str] = None,
function: Optional[str] = None,
grants: Optional[Sequence[GrantsGrantArgs]] = None,
metastore: Optional[str] = None,
model: Optional[str] = None,
pipeline: Optional[str] = None,
recipient: Optional[str] = None,
schema: Optional[str] = None,
share: Optional[str] = None,
storage_credential: Optional[str] = None,
table: Optional[str] = None,
volume: Optional[str] = None) -> Grantsfunc GetGrants(ctx *Context, name string, id IDInput, state *GrantsState, opts ...ResourceOption) (*Grants, error)public static Grants Get(string name, Input<string> id, GrantsState? state, CustomResourceOptions? opts = null)public static Grants get(String name, Output<String> id, GrantsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Catalog string
- External
Location string - Foreign
Connection string - Function string
- Grant
Details List<GrantsGrant> - Metastore string
- Model string
- Pipeline string
- Recipient string
- Schema string
- string
- Storage
Credential string - Table string
- Volume string
- Catalog string
- External
Location string - Foreign
Connection string - Function string
- Grants
[]Grants
Grant Args - Metastore string
- Model string
- Pipeline string
- Recipient string
- Schema string
- string
- Storage
Credential string - Table string
- Volume string
- catalog String
- external
Location String - foreign
Connection String - function String
- grants
List<Grants
Grant> - metastore String
- model String
- pipeline String
- recipient String
- schema String
- String
- storage
Credential String - table String
- volume String
- catalog string
- external
Location string - foreign
Connection string - function string
- grants
Grants
Grant[] - metastore string
- model string
- pipeline string
- recipient string
- schema string
- string
- storage
Credential string - table string
- volume string
- catalog str
- external_
location str - foreign_
connection str - function str
- grants
Sequence[Grants
Grant Args] - metastore str
- model str
- pipeline str
- recipient str
- schema str
- str
- storage_
credential str - table str
- volume str
- catalog String
- external
Location String - foreign
Connection String - function String
- grants List<Property Map>
- metastore String
- model String
- pipeline String
- recipient String
- schema String
- String
- storage
Credential String - table String
- volume String
Supporting Types
GrantsGrant, GrantsGrantArgs
- Principal string
- Privileges List<string>
- Principal string
- Privileges []string
- principal String
- privileges List<String>
- principal string
- privileges string[]
- principal str
- privileges Sequence[str]
- principal String
- privileges List<String>
Import
The resource can be imported using combination of securable type (table, catalog, foreign_connection, …) and it’s name:
bash
$ pulumi import databricks:index/grants:Grants this catalog/abc
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.