Catalog Privileges

Frequently Asked Questions about Catalog Privileges

Can users define policies at different levels of granularity?

Yes, users can define privileges at catalog, schema, table, and column levels, providing fine-grained control over data access.

Are privileges applied to individual users or groups?

Currently, privileges can be defined for users and groups.

What types of privileges can be defined?

Currently, users can define access privileges only. Row filtering and column masking privileges are not supported initially but are planned for future releases.

How do I modify a privilege?

Currently, the Data Admin can modify the privilege by selecting the relevant privileges in the catalog privileges screen and updating the details of the privilege. The updated privileges will start reflecting in 60-90s seconds.

How are unauthorized queries handled?

Unauthorized queries are cancelled during execution, and users receive appropriate error messages. Additionally, query history reflects denied access for transparency and auditability.

What happens if a new user is added without specified privileges?

In a governed cluster, if a new user is added without specified privileges, they are assumed to have access to no data. It is essential to add privileges for new users or add new users to certain groups to avoid query failures for them.

What are the benefits of catalog privileges for users?

This feature simplifies data access management, enhances data security, and provides transparent control over access policies, ensuring compliance for users.

How does the system handle performance implications when applying access privileges to large datasets or complex queries?

The system is designed to apply access privileges efficiently during query execution without significant performance overhead.

Last updated

#930: Cross account hive GCP

Change request updated