Catalog Privileges
Frequently Asked Questions about Catalog Privileges
Can users define policies at different levels of granularity?
Yes, users can define privileges at catalog, schema, table, and column levels, providing fine-grained control over data access.
Are privileges applied to individual users or groups?
Currently, privileges can be defined for users and groups.
What types of privileges can be defined?
Currently, users can define access privileges only. Row filtering and column masking privileges are not supported initially but are planned for future releases.
How do I modify a privilege?
Currently, the Data Admin can modify the privilege by selecting the relevant privileges in the catalog privileges screen and updating the details of the privilege. The updated privileges will start reflecting in 60-90s seconds.
How are unauthorized queries handled?
Unauthorized queries are cancelled during execution, and users receive appropriate error messages. Additionally, query history reflects denied access for transparency and auditability.
What happens if a new user is added without specified privileges?
In a governed cluster, if a new user is added without specified privileges, they are assumed to have access to no data. It is essential to add privileges for new users or add new users to certain groups to avoid query failures for them.
Last updated