1. Packages
  2. Databricks Provider
  3. API Docs
  4. Grant
Databricks v1.65.0 published on Wednesday, Apr 9, 2025 by Pulumi

databricks.Grant

Explore with Pulumi AI

This article refers to the privileges and inheritance model in Privilege Model version 1.0. If you created your metastore during the public preview (before August 25, 2022), you can upgrade to Privilege Model version 1.0 following Upgrade to privilege inheritance

Most of Unity Catalog APIs are only accessible via workspace-level APIs. This design may change in the future. Account-level principal grants can be assigned with any valid workspace as the Unity Catalog is decoupled from specific workspaces. More information in the official documentation.

In Unity Catalog all users initially have no access to data. Only Metastore Admins can create objects and can grant/revoke access on individual objects to users and groups. Every securable object in Unity Catalog has an owner. The owner can be any account-level user or group, called principals in general. The principal that creates an object becomes its owner. Owners receive ALL_PRIVILEGES on the securable object (e.g., SELECT and MODIFY on a table), as well as the permission to grant privileges to other principals.

Securable objects are hierarchical and privileges are inherited downward. The highest level object that privileges are inherited from is the catalog. This means that granting a privilege on a catalog or schema automatically grants the privilege to all current and future objects within the catalog or schema. Privileges that are granted on a metastore are not inherited.

Every databricks.Grant resource must have exactly one securable identifier and the following arguments:

  • principal - User name, group name or service principal application ID.
  • privileges - One or more privileges that are specific to a securable type.

For the latest list of privilege types that apply to each securable object in Unity Catalog, please refer to the official documentation

Pulumi will handle any configuration drift for the specified principal on every pulumi up run, even when grants are changed outside of Pulumi state.

See databricks.Grants for the list of privilege types that apply to each securable object.

Metastore grants

See databricks.Grants Metastore grants for the list of privileges that apply to Metastores.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const sandboxDataEngineers = new databricks.Grant("sandbox_data_engineers", {
    metastore: "metastore_id",
    principal: "Data Engineers",
    privileges: [
        "CREATE_CATALOG",
        "CREATE_EXTERNAL_LOCATION",
    ],
});
const sandboxDataSharer = new databricks.Grant("sandbox_data_sharer", {
    metastore: "metastore_id",
    principal: "Data Sharer",
    privileges: [
        "CREATE_RECIPIENT",
        "CREATE_SHARE",
    ],
});
Copy
import pulumi
import pulumi_databricks as databricks

sandbox_data_engineers = databricks.Grant("sandbox_data_engineers",
    metastore="metastore_id",
    principal="Data Engineers",
    privileges=[
        "CREATE_CATALOG",
        "CREATE_EXTERNAL_LOCATION",
    ])
sandbox_data_sharer = databricks.Grant("sandbox_data_sharer",
    metastore="metastore_id",
    principal="Data Sharer",
    privileges=[
        "CREATE_RECIPIENT",
        "CREATE_SHARE",
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := databricks.NewGrant(ctx, "sandbox_data_engineers", &databricks.GrantArgs{
			Metastore: pulumi.String("metastore_id"),
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("CREATE_CATALOG"),
				pulumi.String("CREATE_EXTERNAL_LOCATION"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "sandbox_data_sharer", &databricks.GrantArgs{
			Metastore: pulumi.String("metastore_id"),
			Principal: pulumi.String("Data Sharer"),
			Privileges: pulumi.StringArray{
				pulumi.String("CREATE_RECIPIENT"),
				pulumi.String("CREATE_SHARE"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var sandboxDataEngineers = new Databricks.Grant("sandbox_data_engineers", new()
    {
        Metastore = "metastore_id",
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "CREATE_CATALOG",
            "CREATE_EXTERNAL_LOCATION",
        },
    });

    var sandboxDataSharer = new Databricks.Grant("sandbox_data_sharer", new()
    {
        Metastore = "metastore_id",
        Principal = "Data Sharer",
        Privileges = new[]
        {
            "CREATE_RECIPIENT",
            "CREATE_SHARE",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var sandboxDataEngineers = new Grant("sandboxDataEngineers", GrantArgs.builder()
            .metastore("metastore_id")
            .principal("Data Engineers")
            .privileges(            
                "CREATE_CATALOG",
                "CREATE_EXTERNAL_LOCATION")
            .build());

        var sandboxDataSharer = new Grant("sandboxDataSharer", GrantArgs.builder()
            .metastore("metastore_id")
            .principal("Data Sharer")
            .privileges(            
                "CREATE_RECIPIENT",
                "CREATE_SHARE")
            .build());

    }
}
Copy
resources:
  sandboxDataEngineers:
    type: databricks:Grant
    name: sandbox_data_engineers
    properties:
      metastore: metastore_id
      principal: Data Engineers
      privileges:
        - CREATE_CATALOG
        - CREATE_EXTERNAL_LOCATION
  sandboxDataSharer:
    type: databricks:Grant
    name: sandbox_data_sharer
    properties:
      metastore: metastore_id
      principal: Data Sharer
      privileges:
        - CREATE_RECIPIENT
        - CREATE_SHARE
Copy

Catalog grants

See databricks.Grants Catalog grants for the list of privileges that apply to Catalogs.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const sandbox = new databricks.Catalog("sandbox", {
    name: "sandbox",
    comment: "this catalog is managed by terraform",
    properties: {
        purpose: "testing",
    },
});
const sandboxDataScientists = new databricks.Grant("sandbox_data_scientists", {
    catalog: sandbox.name,
    principal: "Data Scientists",
    privileges: [
        "USE_CATALOG",
        "USE_SCHEMA",
        "CREATE_TABLE",
        "SELECT",
    ],
});
const sandboxDataEngineers = new databricks.Grant("sandbox_data_engineers", {
    catalog: sandbox.name,
    principal: "Data Engineers",
    privileges: [
        "USE_CATALOG",
        "USE_SCHEMA",
        "CREATE_SCHEMA",
        "CREATE_TABLE",
        "MODIFY",
    ],
});
const sandboxDataAnalyst = new databricks.Grant("sandbox_data_analyst", {
    catalog: sandbox.name,
    principal: "Data Analyst",
    privileges: [
        "USE_CATALOG",
        "USE_SCHEMA",
        "SELECT",
    ],
});
Copy
import pulumi
import pulumi_databricks as databricks

sandbox = databricks.Catalog("sandbox",
    name="sandbox",
    comment="this catalog is managed by terraform",
    properties={
        "purpose": "testing",
    })
sandbox_data_scientists = databricks.Grant("sandbox_data_scientists",
    catalog=sandbox.name,
    principal="Data Scientists",
    privileges=[
        "USE_CATALOG",
        "USE_SCHEMA",
        "CREATE_TABLE",
        "SELECT",
    ])
sandbox_data_engineers = databricks.Grant("sandbox_data_engineers",
    catalog=sandbox.name,
    principal="Data Engineers",
    privileges=[
        "USE_CATALOG",
        "USE_SCHEMA",
        "CREATE_SCHEMA",
        "CREATE_TABLE",
        "MODIFY",
    ])
sandbox_data_analyst = databricks.Grant("sandbox_data_analyst",
    catalog=sandbox.name,
    principal="Data Analyst",
    privileges=[
        "USE_CATALOG",
        "USE_SCHEMA",
        "SELECT",
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sandbox, err := databricks.NewCatalog(ctx, "sandbox", &databricks.CatalogArgs{
			Name:    pulumi.String("sandbox"),
			Comment: pulumi.String("this catalog is managed by terraform"),
			Properties: pulumi.StringMap{
				"purpose": pulumi.String("testing"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "sandbox_data_scientists", &databricks.GrantArgs{
			Catalog:   sandbox.Name,
			Principal: pulumi.String("Data Scientists"),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_CATALOG"),
				pulumi.String("USE_SCHEMA"),
				pulumi.String("CREATE_TABLE"),
				pulumi.String("SELECT"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "sandbox_data_engineers", &databricks.GrantArgs{
			Catalog:   sandbox.Name,
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_CATALOG"),
				pulumi.String("USE_SCHEMA"),
				pulumi.String("CREATE_SCHEMA"),
				pulumi.String("CREATE_TABLE"),
				pulumi.String("MODIFY"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "sandbox_data_analyst", &databricks.GrantArgs{
			Catalog:   sandbox.Name,
			Principal: pulumi.String("Data Analyst"),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_CATALOG"),
				pulumi.String("USE_SCHEMA"),
				pulumi.String("SELECT"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var sandbox = new Databricks.Catalog("sandbox", new()
    {
        Name = "sandbox",
        Comment = "this catalog is managed by terraform",
        Properties = 
        {
            { "purpose", "testing" },
        },
    });

    var sandboxDataScientists = new Databricks.Grant("sandbox_data_scientists", new()
    {
        Catalog = sandbox.Name,
        Principal = "Data Scientists",
        Privileges = new[]
        {
            "USE_CATALOG",
            "USE_SCHEMA",
            "CREATE_TABLE",
            "SELECT",
        },
    });

    var sandboxDataEngineers = new Databricks.Grant("sandbox_data_engineers", new()
    {
        Catalog = sandbox.Name,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "USE_CATALOG",
            "USE_SCHEMA",
            "CREATE_SCHEMA",
            "CREATE_TABLE",
            "MODIFY",
        },
    });

    var sandboxDataAnalyst = new Databricks.Grant("sandbox_data_analyst", new()
    {
        Catalog = sandbox.Name,
        Principal = "Data Analyst",
        Privileges = new[]
        {
            "USE_CATALOG",
            "USE_SCHEMA",
            "SELECT",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Catalog;
import com.pulumi.databricks.CatalogArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var sandbox = new Catalog("sandbox", CatalogArgs.builder()
            .name("sandbox")
            .comment("this catalog is managed by terraform")
            .properties(Map.of("purpose", "testing"))
            .build());

        var sandboxDataScientists = new Grant("sandboxDataScientists", GrantArgs.builder()
            .catalog(sandbox.name())
            .principal("Data Scientists")
            .privileges(            
                "USE_CATALOG",
                "USE_SCHEMA",
                "CREATE_TABLE",
                "SELECT")
            .build());

        var sandboxDataEngineers = new Grant("sandboxDataEngineers", GrantArgs.builder()
            .catalog(sandbox.name())
            .principal("Data Engineers")
            .privileges(            
                "USE_CATALOG",
                "USE_SCHEMA",
                "CREATE_SCHEMA",
                "CREATE_TABLE",
                "MODIFY")
            .build());

        var sandboxDataAnalyst = new Grant("sandboxDataAnalyst", GrantArgs.builder()
            .catalog(sandbox.name())
            .principal("Data Analyst")
            .privileges(            
                "USE_CATALOG",
                "USE_SCHEMA",
                "SELECT")
            .build());

    }
}
Copy
resources:
  sandbox:
    type: databricks:Catalog
    properties:
      name: sandbox
      comment: this catalog is managed by terraform
      properties:
        purpose: testing
  sandboxDataScientists:
    type: databricks:Grant
    name: sandbox_data_scientists
    properties:
      catalog: ${sandbox.name}
      principal: Data Scientists
      privileges:
        - USE_CATALOG
        - USE_SCHEMA
        - CREATE_TABLE
        - SELECT
  sandboxDataEngineers:
    type: databricks:Grant
    name: sandbox_data_engineers
    properties:
      catalog: ${sandbox.name}
      principal: Data Engineers
      privileges:
        - USE_CATALOG
        - USE_SCHEMA
        - CREATE_SCHEMA
        - CREATE_TABLE
        - MODIFY
  sandboxDataAnalyst:
    type: databricks:Grant
    name: sandbox_data_analyst
    properties:
      catalog: ${sandbox.name}
      principal: Data Analyst
      privileges:
        - USE_CATALOG
        - USE_SCHEMA
        - SELECT
Copy

Schema grants

See databricks.Grants Schema grants for the list of privileges that apply to Schemas.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const things = new databricks.Schema("things", {
    catalogName: sandbox.id,
    name: "things",
    comment: "this schema is managed by terraform",
    properties: {
        kind: "various",
    },
});
const thingsGrant = new databricks.Grant("things", {
    schema: things.id,
    principal: "Data Engineers",
    privileges: [
        "USE_SCHEMA",
        "MODIFY",
    ],
});
Copy
import pulumi
import pulumi_databricks as databricks

things = databricks.Schema("things",
    catalog_name=sandbox["id"],
    name="things",
    comment="this schema is managed by terraform",
    properties={
        "kind": "various",
    })
things_grant = databricks.Grant("things",
    schema=things.id,
    principal="Data Engineers",
    privileges=[
        "USE_SCHEMA",
        "MODIFY",
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		things, err := databricks.NewSchema(ctx, "things", &databricks.SchemaArgs{
			CatalogName: pulumi.Any(sandbox.Id),
			Name:        pulumi.String("things"),
			Comment:     pulumi.String("this schema is managed by terraform"),
			Properties: pulumi.StringMap{
				"kind": pulumi.String("various"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "things", &databricks.GrantArgs{
			Schema:    things.ID(),
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_SCHEMA"),
				pulumi.String("MODIFY"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var things = new Databricks.Schema("things", new()
    {
        CatalogName = sandbox.Id,
        Name = "things",
        Comment = "this schema is managed by terraform",
        Properties = 
        {
            { "kind", "various" },
        },
    });

    var thingsGrant = new Databricks.Grant("things", new()
    {
        Schema = things.Id,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "USE_SCHEMA",
            "MODIFY",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Schema;
import com.pulumi.databricks.SchemaArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var things = new Schema("things", SchemaArgs.builder()
            .catalogName(sandbox.id())
            .name("things")
            .comment("this schema is managed by terraform")
            .properties(Map.of("kind", "various"))
            .build());

        var thingsGrant = new Grant("thingsGrant", GrantArgs.builder()
            .schema(things.id())
            .principal("Data Engineers")
            .privileges(            
                "USE_SCHEMA",
                "MODIFY")
            .build());

    }
}
Copy
resources:
  things:
    type: databricks:Schema
    properties:
      catalogName: ${sandbox.id}
      name: things
      comment: this schema is managed by terraform
      properties:
        kind: various
  thingsGrant:
    type: databricks:Grant
    name: things
    properties:
      schema: ${things.id}
      principal: Data Engineers
      privileges:
        - USE_SCHEMA
        - MODIFY
Copy

Table grants

See databricks.Grants Table grants for the list of privileges that apply to Tables.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const customersDataEngineers = new databricks.Grant("customers_data_engineers", {
    table: "main.reporting.customers",
    principal: "Data Engineers",
    privileges: [
        "MODIFY",
        "SELECT",
    ],
});
const customersDataAnalysts = new databricks.Grant("customers_data_analysts", {
    table: "main.reporting.customers",
    principal: "Data Analysts",
    privileges: ["SELECT"],
});
Copy
import pulumi
import pulumi_databricks as databricks

customers_data_engineers = databricks.Grant("customers_data_engineers",
    table="main.reporting.customers",
    principal="Data Engineers",
    privileges=[
        "MODIFY",
        "SELECT",
    ])
customers_data_analysts = databricks.Grant("customers_data_analysts",
    table="main.reporting.customers",
    principal="Data Analysts",
    privileges=["SELECT"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := databricks.NewGrant(ctx, "customers_data_engineers", &databricks.GrantArgs{
			Table:     pulumi.String("main.reporting.customers"),
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("MODIFY"),
				pulumi.String("SELECT"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "customers_data_analysts", &databricks.GrantArgs{
			Table:     pulumi.String("main.reporting.customers"),
			Principal: pulumi.String("Data Analysts"),
			Privileges: pulumi.StringArray{
				pulumi.String("SELECT"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var customersDataEngineers = new Databricks.Grant("customers_data_engineers", new()
    {
        Table = "main.reporting.customers",
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "MODIFY",
            "SELECT",
        },
    });

    var customersDataAnalysts = new Databricks.Grant("customers_data_analysts", new()
    {
        Table = "main.reporting.customers",
        Principal = "Data Analysts",
        Privileges = new[]
        {
            "SELECT",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var customersDataEngineers = new Grant("customersDataEngineers", GrantArgs.builder()
            .table("main.reporting.customers")
            .principal("Data Engineers")
            .privileges(            
                "MODIFY",
                "SELECT")
            .build());

        var customersDataAnalysts = new Grant("customersDataAnalysts", GrantArgs.builder()
            .table("main.reporting.customers")
            .principal("Data Analysts")
            .privileges("SELECT")
            .build());

    }
}
Copy
resources:
  customersDataEngineers:
    type: databricks:Grant
    name: customers_data_engineers
    properties:
      table: main.reporting.customers
      principal: Data Engineers
      privileges:
        - MODIFY
        - SELECT
  customersDataAnalysts:
    type: databricks:Grant
    name: customers_data_analysts
    properties:
      table: main.reporting.customers
      principal: Data Analysts
      privileges:
        - SELECT
Copy

You can also apply grants dynamically with databricks.getTables data resource:

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

export = async () => {
    const things = await databricks.getTables({
        catalogName: "sandbox",
        schemaName: "things",
    });
    const thingsGrant: databricks.Grant[] = [];
    for (const range of things.ids.map((v, k) => ({key: k, value: v}))) {
        thingsGrant.push(new databricks.Grant(`things-${range.key}`, {
            table: range.value,
            principal: "sensitive",
            privileges: [
                "SELECT",
                "MODIFY",
            ],
        }));
    }
}
Copy
import pulumi
import pulumi_databricks as databricks

things = databricks.get_tables(catalog_name="sandbox",
    schema_name="things")
things_grant = []
for range in [{"key": k, "value": v} for [k, v] in enumerate(things.ids)]:
    things_grant.append(databricks.Grant(f"things-{range['key']}",
        table=range["value"],
        principal="sensitive",
        privileges=[
            "SELECT",
            "MODIFY",
        ]))
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		things, err := databricks.GetTables(ctx, &databricks.GetTablesArgs{
			CatalogName: "sandbox",
			SchemaName:  "things",
		}, nil)
		if err != nil {
			return err
		}
		var thingsGrant []*databricks.Grant
		for key0, val0 := range things.Ids {
			__res, err := databricks.NewGrant(ctx, fmt.Sprintf("things-%v", key0), &databricks.GrantArgs{
				Table:     pulumi.String(val0),
				Principal: pulumi.String("sensitive"),
				Privileges: pulumi.StringArray{
					pulumi.String("SELECT"),
					pulumi.String("MODIFY"),
				},
			})
			if err != nil {
				return err
			}
			thingsGrant = append(thingsGrant, __res)
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(async() => 
{
    var things = await Databricks.GetTables.InvokeAsync(new()
    {
        CatalogName = "sandbox",
        SchemaName = "things",
    });

    var thingsGrant = new List<Databricks.Grant>();
    foreach (var range in )
    {
        thingsGrant.Add(new Databricks.Grant($"things-{range.Key}", new()
        {
            Table = range.Value,
            Principal = "sensitive",
            Privileges = new[]
            {
                "SELECT",
                "MODIFY",
            },
        }));
    }
});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetTablesArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var things = DatabricksFunctions.getTables(GetTablesArgs.builder()
            .catalogName("sandbox")
            .schemaName("things")
            .build());

        final var thingsGrant = things.applyValue(getTablesResult -> {
            final var resources = new ArrayList<Grant>();
            for (var range : KeyedValue.of(getTablesResult.ids())) {
                var resource = new Grant("thingsGrant-" + range.key(), GrantArgs.builder()
                    .table(range.value())
                    .principal("sensitive")
                    .privileges(                    
                        "SELECT",
                        "MODIFY")
                    .build());

                resources.add(resource);
            }

            return resources;
        });

    }
}
Copy
resources:
  thingsGrant:
    type: databricks:Grant
    name: things
    properties:
      table: ${range.value}
      principal: sensitive
      privileges:
        - SELECT
        - MODIFY
    options: {}
variables:
  things:
    fn::invoke:
      function: databricks:getTables
      arguments:
        catalogName: sandbox
        schemaName: things
Copy

View grants

See databricks.Grants View grants for the list of privileges that apply to Views.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const customer360 = new databricks.Grant("customer360", {
    table: "main.reporting.customer360",
    principal: "Data Analysts",
    privileges: ["SELECT"],
});
Copy
import pulumi
import pulumi_databricks as databricks

customer360 = databricks.Grant("customer360",
    table="main.reporting.customer360",
    principal="Data Analysts",
    privileges=["SELECT"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := databricks.NewGrant(ctx, "customer360", &databricks.GrantArgs{
			Table:     pulumi.String("main.reporting.customer360"),
			Principal: pulumi.String("Data Analysts"),
			Privileges: pulumi.StringArray{
				pulumi.String("SELECT"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var customer360 = new Databricks.Grant("customer360", new()
    {
        Table = "main.reporting.customer360",
        Principal = "Data Analysts",
        Privileges = new[]
        {
            "SELECT",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var customer360 = new Grant("customer360", GrantArgs.builder()
            .table("main.reporting.customer360")
            .principal("Data Analysts")
            .privileges("SELECT")
            .build());

    }
}
Copy
resources:
  customer360:
    type: databricks:Grant
    properties:
      table: main.reporting.customer360
      principal: Data Analysts
      privileges:
        - SELECT
Copy

You can also apply grants dynamically with databricks.getViews data resource:

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

export = async () => {
    const customers = await databricks.getViews({
        catalogName: "main",
        schemaName: "customers",
    });
    const customersGrant: databricks.Grant[] = [];
    for (const range of customers.ids.map((v, k) => ({key: k, value: v}))) {
        customersGrant.push(new databricks.Grant(`customers-${range.key}`, {
            table: range.value,
            principal: "sensitive",
            privileges: [
                "SELECT",
                "MODIFY",
            ],
        }));
    }
}
Copy
import pulumi
import pulumi_databricks as databricks

customers = databricks.get_views(catalog_name="main",
    schema_name="customers")
customers_grant = []
for range in [{"key": k, "value": v} for [k, v] in enumerate(customers.ids)]:
    customers_grant.append(databricks.Grant(f"customers-{range['key']}",
        table=range["value"],
        principal="sensitive",
        privileges=[
            "SELECT",
            "MODIFY",
        ]))
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		customers, err := databricks.GetViews(ctx, &databricks.GetViewsArgs{
			CatalogName: "main",
			SchemaName:  "customers",
		}, nil)
		if err != nil {
			return err
		}
		var customersGrant []*databricks.Grant
		for key0, val0 := range customers.Ids {
			__res, err := databricks.NewGrant(ctx, fmt.Sprintf("customers-%v", key0), &databricks.GrantArgs{
				Table:     pulumi.String(val0),
				Principal: pulumi.String("sensitive"),
				Privileges: pulumi.StringArray{
					pulumi.String("SELECT"),
					pulumi.String("MODIFY"),
				},
			})
			if err != nil {
				return err
			}
			customersGrant = append(customersGrant, __res)
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(async() => 
{
    var customers = await Databricks.GetViews.InvokeAsync(new()
    {
        CatalogName = "main",
        SchemaName = "customers",
    });

    var customersGrant = new List<Databricks.Grant>();
    foreach (var range in )
    {
        customersGrant.Add(new Databricks.Grant($"customers-{range.Key}", new()
        {
            Table = range.Value,
            Principal = "sensitive",
            Privileges = new[]
            {
                "SELECT",
                "MODIFY",
            },
        }));
    }
});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetViewsArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import com.pulumi.codegen.internal.KeyedValue;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var customers = DatabricksFunctions.getViews(GetViewsArgs.builder()
            .catalogName("main")
            .schemaName("customers")
            .build());

        final var customersGrant = customers.applyValue(getViewsResult -> {
            final var resources = new ArrayList<Grant>();
            for (var range : KeyedValue.of(getViewsResult.ids())) {
                var resource = new Grant("customersGrant-" + range.key(), GrantArgs.builder()
                    .table(range.value())
                    .principal("sensitive")
                    .privileges(                    
                        "SELECT",
                        "MODIFY")
                    .build());

                resources.add(resource);
            }

            return resources;
        });

    }
}
Copy
resources:
  customersGrant:
    type: databricks:Grant
    name: customers
    properties:
      table: ${range.value}
      principal: sensitive
      privileges:
        - SELECT
        - MODIFY
    options: {}
variables:
  customers:
    fn::invoke:
      function: databricks:getViews
      arguments:
        catalogName: main
        schemaName: customers
Copy

Volume grants

See databricks.Grants Volume grants for the list of privileges that apply to Volumes.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const _this = new databricks.Volume("this", {
    name: "quickstart_volume",
    catalogName: sandbox.name,
    schemaName: things.name,
    volumeType: "EXTERNAL",
    storageLocation: some.url,
    comment: "this volume is managed by terraform",
});
const volume = new databricks.Grant("volume", {
    volume: _this.id,
    principal: "Data Engineers",
    privileges: ["WRITE_VOLUME"],
});
Copy
import pulumi
import pulumi_databricks as databricks

this = databricks.Volume("this",
    name="quickstart_volume",
    catalog_name=sandbox["name"],
    schema_name=things["name"],
    volume_type="EXTERNAL",
    storage_location=some["url"],
    comment="this volume is managed by terraform")
volume = databricks.Grant("volume",
    volume=this.id,
    principal="Data Engineers",
    privileges=["WRITE_VOLUME"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		this, err := databricks.NewVolume(ctx, "this", &databricks.VolumeArgs{
			Name:            pulumi.String("quickstart_volume"),
			CatalogName:     pulumi.Any(sandbox.Name),
			SchemaName:      pulumi.Any(things.Name),
			VolumeType:      pulumi.String("EXTERNAL"),
			StorageLocation: pulumi.Any(some.Url),
			Comment:         pulumi.String("this volume is managed by terraform"),
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "volume", &databricks.GrantArgs{
			Volume:    this.ID(),
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("WRITE_VOLUME"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var @this = new Databricks.Volume("this", new()
    {
        Name = "quickstart_volume",
        CatalogName = sandbox.Name,
        SchemaName = things.Name,
        VolumeType = "EXTERNAL",
        StorageLocation = some.Url,
        Comment = "this volume is managed by terraform",
    });

    var volume = new Databricks.Grant("volume", new()
    {
        Volume = @this.Id,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "WRITE_VOLUME",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Volume;
import com.pulumi.databricks.VolumeArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var this_ = new Volume("this", VolumeArgs.builder()
            .name("quickstart_volume")
            .catalogName(sandbox.name())
            .schemaName(things.name())
            .volumeType("EXTERNAL")
            .storageLocation(some.url())
            .comment("this volume is managed by terraform")
            .build());

        var volume = new Grant("volume", GrantArgs.builder()
            .volume(this_.id())
            .principal("Data Engineers")
            .privileges("WRITE_VOLUME")
            .build());

    }
}
Copy
resources:
  this:
    type: databricks:Volume
    properties:
      name: quickstart_volume
      catalogName: ${sandbox.name}
      schemaName: ${things.name}
      volumeType: EXTERNAL
      storageLocation: ${some.url}
      comment: this volume is managed by terraform
  volume:
    type: databricks:Grant
    properties:
      volume: ${this.id}
      principal: Data Engineers
      privileges:
        - WRITE_VOLUME
Copy

Registered model grants

See databricks.Grants Registered model grants for the list of privileges that apply to Registered models.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const customersDataEngineers = new databricks.Grant("customers_data_engineers", {
    model: "main.reporting.customer_model",
    principal: "Data Engineers",
    privileges: [
        "APPLY_TAG",
        "EXECUTE",
    ],
});
const customersDataAnalysts = new databricks.Grant("customers_data_analysts", {
    model: "main.reporting.customer_model",
    principal: "Data Analysts",
    privileges: ["EXECUTE"],
});
Copy
import pulumi
import pulumi_databricks as databricks

customers_data_engineers = databricks.Grant("customers_data_engineers",
    model="main.reporting.customer_model",
    principal="Data Engineers",
    privileges=[
        "APPLY_TAG",
        "EXECUTE",
    ])
customers_data_analysts = databricks.Grant("customers_data_analysts",
    model="main.reporting.customer_model",
    principal="Data Analysts",
    privileges=["EXECUTE"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := databricks.NewGrant(ctx, "customers_data_engineers", &databricks.GrantArgs{
			Model:     pulumi.String("main.reporting.customer_model"),
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("APPLY_TAG"),
				pulumi.String("EXECUTE"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "customers_data_analysts", &databricks.GrantArgs{
			Model:     pulumi.String("main.reporting.customer_model"),
			Principal: pulumi.String("Data Analysts"),
			Privileges: pulumi.StringArray{
				pulumi.String("EXECUTE"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var customersDataEngineers = new Databricks.Grant("customers_data_engineers", new()
    {
        Model = "main.reporting.customer_model",
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "APPLY_TAG",
            "EXECUTE",
        },
    });

    var customersDataAnalysts = new Databricks.Grant("customers_data_analysts", new()
    {
        Model = "main.reporting.customer_model",
        Principal = "Data Analysts",
        Privileges = new[]
        {
            "EXECUTE",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var customersDataEngineers = new Grant("customersDataEngineers", GrantArgs.builder()
            .model("main.reporting.customer_model")
            .principal("Data Engineers")
            .privileges(            
                "APPLY_TAG",
                "EXECUTE")
            .build());

        var customersDataAnalysts = new Grant("customersDataAnalysts", GrantArgs.builder()
            .model("main.reporting.customer_model")
            .principal("Data Analysts")
            .privileges("EXECUTE")
            .build());

    }
}
Copy
resources:
  customersDataEngineers:
    type: databricks:Grant
    name: customers_data_engineers
    properties:
      model: main.reporting.customer_model
      principal: Data Engineers
      privileges:
        - APPLY_TAG
        - EXECUTE
  customersDataAnalysts:
    type: databricks:Grant
    name: customers_data_analysts
    properties:
      model: main.reporting.customer_model
      principal: Data Analysts
      privileges:
        - EXECUTE
Copy

Function grants

See databricks.Grants Function grants for the list of privileges that apply to Registered models.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const udfDataEngineers = new databricks.Grant("udf_data_engineers", {
    "function": "main.reporting.udf",
    principal: "Data Engineers",
    privileges: ["EXECUTE"],
});
const udfDataAnalysts = new databricks.Grant("udf_data_analysts", {
    "function": "main.reporting.udf",
    principal: "Data Analysts",
    privileges: ["EXECUTE"],
});
Copy
import pulumi
import pulumi_databricks as databricks

udf_data_engineers = databricks.Grant("udf_data_engineers",
    function="main.reporting.udf",
    principal="Data Engineers",
    privileges=["EXECUTE"])
udf_data_analysts = databricks.Grant("udf_data_analysts",
    function="main.reporting.udf",
    principal="Data Analysts",
    privileges=["EXECUTE"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := databricks.NewGrant(ctx, "udf_data_engineers", &databricks.GrantArgs{
			Function:  pulumi.String("main.reporting.udf"),
			Principal: pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("EXECUTE"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "udf_data_analysts", &databricks.GrantArgs{
			Function:  pulumi.String("main.reporting.udf"),
			Principal: pulumi.String("Data Analysts"),
			Privileges: pulumi.StringArray{
				pulumi.String("EXECUTE"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var udfDataEngineers = new Databricks.Grant("udf_data_engineers", new()
    {
        Function = "main.reporting.udf",
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "EXECUTE",
        },
    });

    var udfDataAnalysts = new Databricks.Grant("udf_data_analysts", new()
    {
        Function = "main.reporting.udf",
        Principal = "Data Analysts",
        Privileges = new[]
        {
            "EXECUTE",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var udfDataEngineers = new Grant("udfDataEngineers", GrantArgs.builder()
            .function("main.reporting.udf")
            .principal("Data Engineers")
            .privileges("EXECUTE")
            .build());

        var udfDataAnalysts = new Grant("udfDataAnalysts", GrantArgs.builder()
            .function("main.reporting.udf")
            .principal("Data Analysts")
            .privileges("EXECUTE")
            .build());

    }
}
Copy
resources:
  udfDataEngineers:
    type: databricks:Grant
    name: udf_data_engineers
    properties:
      function: main.reporting.udf
      principal: Data Engineers
      privileges:
        - EXECUTE
  udfDataAnalysts:
    type: databricks:Grant
    name: udf_data_analysts
    properties:
      function: main.reporting.udf
      principal: Data Analysts
      privileges:
        - EXECUTE
Copy

Service credential grants

See databricks.Grants Service credential grants for the list of privileges that apply to Service credentials.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const external = new databricks.Credential("external", {
    name: externalDataAccess.name,
    awsIamRole: {
        roleArn: externalDataAccess.arn,
    },
    purpose: "SERVICE",
    comment: "Managed by TF",
});
const externalCreds = new databricks.Grant("external_creds", {
    credential: external.id,
    principal: "Data Engineers",
    privileges: ["ACCESS"],
});
Copy
import pulumi
import pulumi_databricks as databricks

external = databricks.Credential("external",
    name=external_data_access["name"],
    aws_iam_role={
        "role_arn": external_data_access["arn"],
    },
    purpose="SERVICE",
    comment="Managed by TF")
external_creds = databricks.Grant("external_creds",
    credential=external.id,
    principal="Data Engineers",
    privileges=["ACCESS"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		external, err := databricks.NewCredential(ctx, "external", &databricks.CredentialArgs{
			Name: pulumi.Any(externalDataAccess.Name),
			AwsIamRole: &databricks.CredentialAwsIamRoleArgs{
				RoleArn: pulumi.Any(externalDataAccess.Arn),
			},
			Purpose: pulumi.String("SERVICE"),
			Comment: pulumi.String("Managed by TF"),
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "external_creds", &databricks.GrantArgs{
			Credential: external.ID(),
			Principal:  pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("ACCESS"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var external = new Databricks.Credential("external", new()
    {
        Name = externalDataAccess.Name,
        AwsIamRole = new Databricks.Inputs.CredentialAwsIamRoleArgs
        {
            RoleArn = externalDataAccess.Arn,
        },
        Purpose = "SERVICE",
        Comment = "Managed by TF",
    });

    var externalCreds = new Databricks.Grant("external_creds", new()
    {
        Credential = external.Id,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "ACCESS",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Credential;
import com.pulumi.databricks.CredentialArgs;
import com.pulumi.databricks.inputs.CredentialAwsIamRoleArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var external = new Credential("external", CredentialArgs.builder()
            .name(externalDataAccess.name())
            .awsIamRole(CredentialAwsIamRoleArgs.builder()
                .roleArn(externalDataAccess.arn())
                .build())
            .purpose("SERVICE")
            .comment("Managed by TF")
            .build());

        var externalCreds = new Grant("externalCreds", GrantArgs.builder()
            .credential(external.id())
            .principal("Data Engineers")
            .privileges("ACCESS")
            .build());

    }
}
Copy
resources:
  external:
    type: databricks:Credential
    properties:
      name: ${externalDataAccess.name}
      awsIamRole:
        roleArn: ${externalDataAccess.arn}
      purpose: SERVICE
      comment: Managed by TF
  externalCreds:
    type: databricks:Grant
    name: external_creds
    properties:
      credential: ${external.id}
      principal: Data Engineers
      privileges:
        - ACCESS
Copy

Storage credential grants

See databricks.Grants Storage credential grants for the list of privileges that apply to Storage credentials.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const external = new databricks.StorageCredential("external", {
    name: externalDataAccess.name,
    awsIamRole: {
        roleArn: externalDataAccess.arn,
    },
    comment: "Managed by TF",
});
const externalCreds = new databricks.Grant("external_creds", {
    storageCredential: external.id,
    principal: "Data Engineers",
    privileges: ["CREATE_EXTERNAL_TABLE"],
});
Copy
import pulumi
import pulumi_databricks as databricks

external = databricks.StorageCredential("external",
    name=external_data_access["name"],
    aws_iam_role={
        "role_arn": external_data_access["arn"],
    },
    comment="Managed by TF")
external_creds = databricks.Grant("external_creds",
    storage_credential=external.id,
    principal="Data Engineers",
    privileges=["CREATE_EXTERNAL_TABLE"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		external, err := databricks.NewStorageCredential(ctx, "external", &databricks.StorageCredentialArgs{
			Name: pulumi.Any(externalDataAccess.Name),
			AwsIamRole: &databricks.StorageCredentialAwsIamRoleArgs{
				RoleArn: pulumi.Any(externalDataAccess.Arn),
			},
			Comment: pulumi.String("Managed by TF"),
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "external_creds", &databricks.GrantArgs{
			StorageCredential: external.ID(),
			Principal:         pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("CREATE_EXTERNAL_TABLE"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var external = new Databricks.StorageCredential("external", new()
    {
        Name = externalDataAccess.Name,
        AwsIamRole = new Databricks.Inputs.StorageCredentialAwsIamRoleArgs
        {
            RoleArn = externalDataAccess.Arn,
        },
        Comment = "Managed by TF",
    });

    var externalCreds = new Databricks.Grant("external_creds", new()
    {
        StorageCredential = external.Id,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "CREATE_EXTERNAL_TABLE",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.StorageCredential;
import com.pulumi.databricks.StorageCredentialArgs;
import com.pulumi.databricks.inputs.StorageCredentialAwsIamRoleArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var external = new StorageCredential("external", StorageCredentialArgs.builder()
            .name(externalDataAccess.name())
            .awsIamRole(StorageCredentialAwsIamRoleArgs.builder()
                .roleArn(externalDataAccess.arn())
                .build())
            .comment("Managed by TF")
            .build());

        var externalCreds = new Grant("externalCreds", GrantArgs.builder()
            .storageCredential(external.id())
            .principal("Data Engineers")
            .privileges("CREATE_EXTERNAL_TABLE")
            .build());

    }
}
Copy
resources:
  external:
    type: databricks:StorageCredential
    properties:
      name: ${externalDataAccess.name}
      awsIamRole:
        roleArn: ${externalDataAccess.arn}
      comment: Managed by TF
  externalCreds:
    type: databricks:Grant
    name: external_creds
    properties:
      storageCredential: ${external.id}
      principal: Data Engineers
      privileges:
        - CREATE_EXTERNAL_TABLE
Copy

External location grants

See databricks.Grants External location grants for the list of privileges that apply to External locations.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const some = new databricks.ExternalLocation("some", {
    name: "external",
    url: `s3://${externalAwsS3Bucket.id}/some`,
    credentialName: external.id,
    comment: "Managed by TF",
});
const someDataEngineers = new databricks.Grant("some_data_engineers", {
    externalLocation: some.id,
    principal: "Data Engineers",
    privileges: [
        "CREATE_EXTERNAL_TABLE",
        "READ_FILES",
    ],
});
const someServicePrincipal = new databricks.Grant("some_service_principal", {
    externalLocation: some.id,
    principal: mySp.applicationId,
    privileges: [
        "USE_SCHEMA",
        "MODIFY",
    ],
});
const someGroup = new databricks.Grant("some_group", {
    externalLocation: some.id,
    principal: myGroup.displayName,
    privileges: [
        "USE_SCHEMA",
        "MODIFY",
    ],
});
const someUser = new databricks.Grant("some_user", {
    externalLocation: some.id,
    principal: myUser.userName,
    privileges: [
        "USE_SCHEMA",
        "MODIFY",
    ],
});
Copy
import pulumi
import pulumi_databricks as databricks

some = databricks.ExternalLocation("some",
    name="external",
    url=f"s3://{external_aws_s3_bucket['id']}/some",
    credential_name=external["id"],
    comment="Managed by TF")
some_data_engineers = databricks.Grant("some_data_engineers",
    external_location=some.id,
    principal="Data Engineers",
    privileges=[
        "CREATE_EXTERNAL_TABLE",
        "READ_FILES",
    ])
some_service_principal = databricks.Grant("some_service_principal",
    external_location=some.id,
    principal=my_sp["applicationId"],
    privileges=[
        "USE_SCHEMA",
        "MODIFY",
    ])
some_group = databricks.Grant("some_group",
    external_location=some.id,
    principal=my_group["displayName"],
    privileges=[
        "USE_SCHEMA",
        "MODIFY",
    ])
some_user = databricks.Grant("some_user",
    external_location=some.id,
    principal=my_user["userName"],
    privileges=[
        "USE_SCHEMA",
        "MODIFY",
    ])
Copy
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		some, err := databricks.NewExternalLocation(ctx, "some", &databricks.ExternalLocationArgs{
			Name:           pulumi.String("external"),
			Url:            pulumi.Sprintf("s3://%v/some", externalAwsS3Bucket.Id),
			CredentialName: pulumi.Any(external.Id),
			Comment:        pulumi.String("Managed by TF"),
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "some_data_engineers", &databricks.GrantArgs{
			ExternalLocation: some.ID(),
			Principal:        pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("CREATE_EXTERNAL_TABLE"),
				pulumi.String("READ_FILES"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "some_service_principal", &databricks.GrantArgs{
			ExternalLocation: some.ID(),
			Principal:        pulumi.Any(mySp.ApplicationId),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_SCHEMA"),
				pulumi.String("MODIFY"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "some_group", &databricks.GrantArgs{
			ExternalLocation: some.ID(),
			Principal:        pulumi.Any(myGroup.DisplayName),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_SCHEMA"),
				pulumi.String("MODIFY"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "some_user", &databricks.GrantArgs{
			ExternalLocation: some.ID(),
			Principal:        pulumi.Any(myUser.UserName),
			Privileges: pulumi.StringArray{
				pulumi.String("USE_SCHEMA"),
				pulumi.String("MODIFY"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var some = new Databricks.ExternalLocation("some", new()
    {
        Name = "external",
        Url = $"s3://{externalAwsS3Bucket.Id}/some",
        CredentialName = external.Id,
        Comment = "Managed by TF",
    });

    var someDataEngineers = new Databricks.Grant("some_data_engineers", new()
    {
        ExternalLocation = some.Id,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "CREATE_EXTERNAL_TABLE",
            "READ_FILES",
        },
    });

    var someServicePrincipal = new Databricks.Grant("some_service_principal", new()
    {
        ExternalLocation = some.Id,
        Principal = mySp.ApplicationId,
        Privileges = new[]
        {
            "USE_SCHEMA",
            "MODIFY",
        },
    });

    var someGroup = new Databricks.Grant("some_group", new()
    {
        ExternalLocation = some.Id,
        Principal = myGroup.DisplayName,
        Privileges = new[]
        {
            "USE_SCHEMA",
            "MODIFY",
        },
    });

    var someUser = new Databricks.Grant("some_user", new()
    {
        ExternalLocation = some.Id,
        Principal = myUser.UserName,
        Privileges = new[]
        {
            "USE_SCHEMA",
            "MODIFY",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.ExternalLocation;
import com.pulumi.databricks.ExternalLocationArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var some = new ExternalLocation("some", ExternalLocationArgs.builder()
            .name("external")
            .url(String.format("s3://%s/some", externalAwsS3Bucket.id()))
            .credentialName(external.id())
            .comment("Managed by TF")
            .build());

        var someDataEngineers = new Grant("someDataEngineers", GrantArgs.builder()
            .externalLocation(some.id())
            .principal("Data Engineers")
            .privileges(            
                "CREATE_EXTERNAL_TABLE",
                "READ_FILES")
            .build());

        var someServicePrincipal = new Grant("someServicePrincipal", GrantArgs.builder()
            .externalLocation(some.id())
            .principal(mySp.applicationId())
            .privileges(            
                "USE_SCHEMA",
                "MODIFY")
            .build());

        var someGroup = new Grant("someGroup", GrantArgs.builder()
            .externalLocation(some.id())
            .principal(myGroup.displayName())
            .privileges(            
                "USE_SCHEMA",
                "MODIFY")
            .build());

        var someUser = new Grant("someUser", GrantArgs.builder()
            .externalLocation(some.id())
            .principal(myUser.userName())
            .privileges(            
                "USE_SCHEMA",
                "MODIFY")
            .build());

    }
}
Copy
resources:
  some:
    type: databricks:ExternalLocation
    properties:
      name: external
      url: s3://${externalAwsS3Bucket.id}/some
      credentialName: ${external.id}
      comment: Managed by TF
  someDataEngineers:
    type: databricks:Grant
    name: some_data_engineers
    properties:
      externalLocation: ${some.id}
      principal: Data Engineers
      privileges:
        - CREATE_EXTERNAL_TABLE
        - READ_FILES
  someServicePrincipal:
    type: databricks:Grant
    name: some_service_principal
    properties:
      externalLocation: ${some.id}
      principal: ${mySp.applicationId}
      privileges:
        - USE_SCHEMA
        - MODIFY
  someGroup:
    type: databricks:Grant
    name: some_group
    properties:
      externalLocation: ${some.id}
      principal: ${myGroup.displayName}
      privileges:
        - USE_SCHEMA
        - MODIFY
  someUser:
    type: databricks:Grant
    name: some_user
    properties:
      externalLocation: ${some.id}
      principal: ${myUser.userName}
      privileges:
        - USE_SCHEMA
        - MODIFY
Copy

Connection grants

See databricks.Grants Connection grants for the list of privileges that apply to Connections.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const mysql = new databricks.Connection("mysql", {
    name: "mysql_connection",
    connectionType: "MYSQL",
    comment: "this is a connection to mysql db",
    options: {
        host: "test.mysql.database.azure.com",
        port: "3306",
        user: "user",
        password: "password",
    },
    properties: {
        purpose: "testing",
    },
});
const some = new databricks.Grant("some", {
    foreignConnection: mysql.name,
    principal: "Data Engineers",
    privileges: [
        "CREATE_FOREIGN_CATALOG",
        "USE_CONNECTION",
    ],
});
Copy
import pulumi
import pulumi_databricks as databricks

mysql = databricks.Connection("mysql",
    name="mysql_connection",
    connection_type="MYSQL",
    comment="this is a connection to mysql db",
    options={
        "host": "test.mysql.database.azure.com",
        "port": "3306",
        "user": "user",
        "password": "password",
    },
    properties={
        "purpose": "testing",
    })
some = databricks.Grant("some",
    foreign_connection=mysql.name,
    principal="Data Engineers",
    privileges=[
        "CREATE_FOREIGN_CATALOG",
        "USE_CONNECTION",
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mysql, err := databricks.NewConnection(ctx, "mysql", &databricks.ConnectionArgs{
			Name:           pulumi.String("mysql_connection"),
			ConnectionType: pulumi.String("MYSQL"),
			Comment:        pulumi.String("this is a connection to mysql db"),
			Options: pulumi.StringMap{
				"host":     pulumi.String("test.mysql.database.azure.com"),
				"port":     pulumi.String("3306"),
				"user":     pulumi.String("user"),
				"password": pulumi.String("password"),
			},
			Properties: pulumi.StringMap{
				"purpose": pulumi.String("testing"),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "some", &databricks.GrantArgs{
			ForeignConnection: mysql.Name,
			Principal:         pulumi.String("Data Engineers"),
			Privileges: pulumi.StringArray{
				pulumi.String("CREATE_FOREIGN_CATALOG"),
				pulumi.String("USE_CONNECTION"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var mysql = new Databricks.Connection("mysql", new()
    {
        Name = "mysql_connection",
        ConnectionType = "MYSQL",
        Comment = "this is a connection to mysql db",
        Options = 
        {
            { "host", "test.mysql.database.azure.com" },
            { "port", "3306" },
            { "user", "user" },
            { "password", "password" },
        },
        Properties = 
        {
            { "purpose", "testing" },
        },
    });

    var some = new Databricks.Grant("some", new()
    {
        ForeignConnection = mysql.Name,
        Principal = "Data Engineers",
        Privileges = new[]
        {
            "CREATE_FOREIGN_CATALOG",
            "USE_CONNECTION",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Connection;
import com.pulumi.databricks.ConnectionArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var mysql = new Connection("mysql", ConnectionArgs.builder()
            .name("mysql_connection")
            .connectionType("MYSQL")
            .comment("this is a connection to mysql db")
            .options(Map.ofEntries(
                Map.entry("host", "test.mysql.database.azure.com"),
                Map.entry("port", "3306"),
                Map.entry("user", "user"),
                Map.entry("password", "password")
            ))
            .properties(Map.of("purpose", "testing"))
            .build());

        var some = new Grant("some", GrantArgs.builder()
            .foreignConnection(mysql.name())
            .principal("Data Engineers")
            .privileges(            
                "CREATE_FOREIGN_CATALOG",
                "USE_CONNECTION")
            .build());

    }
}
Copy
resources:
  mysql:
    type: databricks:Connection
    properties:
      name: mysql_connection
      connectionType: MYSQL
      comment: this is a connection to mysql db
      options:
        host: test.mysql.database.azure.com
        port: '3306'
        user: user
        password: password
      properties:
        purpose: testing
  some:
    type: databricks:Grant
    properties:
      foreignConnection: ${mysql.name}
      principal: Data Engineers
      privileges:
        - CREATE_FOREIGN_CATALOG
        - USE_CONNECTION
Copy

Delta Sharing share grants

See databricks.Grants Delta Sharing share grants for the list of privileges that apply to Delta Sharing shares.

import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const some = new databricks.Share("some", {name: "my_share"});
const someRecipient = new databricks.Recipient("some", {name: "my_recipient"});
const someGrant = new databricks.Grant("some", {
    share: some.name,
    principal: someRecipient.name,
    privileges: ["SELECT"],
});
Copy
import pulumi
import pulumi_databricks as databricks

some = databricks.Share("some", name="my_share")
some_recipient = databricks.Recipient("some", name="my_recipient")
some_grant = databricks.Grant("some",
    share=some.name,
    principal=some_recipient.name,
    privileges=["SELECT"])
Copy
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		some, err := databricks.NewShare(ctx, "some", &databricks.ShareArgs{
			Name: pulumi.String("my_share"),
		})
		if err != nil {
			return err
		}
		someRecipient, err := databricks.NewRecipient(ctx, "some", &databricks.RecipientArgs{
			Name: pulumi.String("my_recipient"),
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewGrant(ctx, "some", &databricks.GrantArgs{
			Share:     some.Name,
			Principal: someRecipient.Name,
			Privileges: pulumi.StringArray{
				pulumi.String("SELECT"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var some = new Databricks.Share("some", new()
    {
        Name = "my_share",
    });

    var someRecipient = new Databricks.Recipient("some", new()
    {
        Name = "my_recipient",
    });

    var someGrant = new Databricks.Grant("some", new()
    {
        Share = some.Name,
        Principal = someRecipient.Name,
        Privileges = new[]
        {
            "SELECT",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Share;
import com.pulumi.databricks.ShareArgs;
import com.pulumi.databricks.Recipient;
import com.pulumi.databricks.RecipientArgs;
import com.pulumi.databricks.Grant;
import com.pulumi.databricks.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var some = new Share("some", ShareArgs.builder()
            .name("my_share")
            .build());

        var someRecipient = new Recipient("someRecipient", RecipientArgs.builder()
            .name("my_recipient")
            .build());

        var someGrant = new Grant("someGrant", GrantArgs.builder()
            .share(some.name())
            .principal(someRecipient.name())
            .privileges("SELECT")
            .build());

    }
}
Copy
resources:
  some:
    type: databricks:Share
    properties:
      name: my_share
  someRecipient:
    type: databricks:Recipient
    name: some
    properties:
      name: my_recipient
  someGrant:
    type: databricks:Grant
    name: some
    properties:
      share: ${some.name}
      principal: ${someRecipient.name}
      privileges:
        - SELECT
Copy

Other access control

You can control Databricks General Permissions through databricks.Permissions resource.

Create Grant Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Grant(name: string, args: GrantArgs, opts?: CustomResourceOptions);
@overload
def Grant(resource_name: str,
          args: GrantArgs,
          opts: Optional[ResourceOptions] = None)

@overload
def Grant(resource_name: str,
          opts: Optional[ResourceOptions] = None,
          principal: Optional[str] = None,
          privileges: Optional[Sequence[str]] = None,
          function: Optional[str] = None,
          credential: Optional[str] = None,
          catalog: Optional[str] = None,
          metastore: Optional[str] = None,
          model: Optional[str] = None,
          pipeline: Optional[str] = None,
          external_location: Optional[str] = None,
          foreign_connection: Optional[str] = None,
          recipient: Optional[str] = None,
          schema: Optional[str] = None,
          share: Optional[str] = None,
          storage_credential: Optional[str] = None,
          table: Optional[str] = None,
          volume: Optional[str] = None)
func NewGrant(ctx *Context, name string, args GrantArgs, opts ...ResourceOption) (*Grant, error)
public Grant(string name, GrantArgs args, CustomResourceOptions? opts = null)
public Grant(String name, GrantArgs args)
public Grant(String name, GrantArgs args, CustomResourceOptions options)
type: databricks:Grant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. GrantArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. GrantArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. GrantArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. GrantArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. GrantArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var grantResource = new Databricks.Grant("grantResource", new()
{
    Principal = "string",
    Privileges = new[]
    {
        "string",
    },
    Function = "string",
    Credential = "string",
    Catalog = "string",
    Metastore = "string",
    Model = "string",
    Pipeline = "string",
    ExternalLocation = "string",
    ForeignConnection = "string",
    Recipient = "string",
    Schema = "string",
    Share = "string",
    StorageCredential = "string",
    Table = "string",
    Volume = "string",
});
Copy
example, err := databricks.NewGrant(ctx, "grantResource", &databricks.GrantArgs{
	Principal: pulumi.String("string"),
	Privileges: pulumi.StringArray{
		pulumi.String("string"),
	},
	Function:          pulumi.String("string"),
	Credential:        pulumi.String("string"),
	Catalog:           pulumi.String("string"),
	Metastore:         pulumi.String("string"),
	Model:             pulumi.String("string"),
	Pipeline:          pulumi.String("string"),
	ExternalLocation:  pulumi.String("string"),
	ForeignConnection: pulumi.String("string"),
	Recipient:         pulumi.String("string"),
	Schema:            pulumi.String("string"),
	Share:             pulumi.String("string"),
	StorageCredential: pulumi.String("string"),
	Table:             pulumi.String("string"),
	Volume:            pulumi.String("string"),
})
Copy
var grantResource = new Grant("grantResource", GrantArgs.builder()
    .principal("string")
    .privileges("string")
    .function("string")
    .credential("string")
    .catalog("string")
    .metastore("string")
    .model("string")
    .pipeline("string")
    .externalLocation("string")
    .foreignConnection("string")
    .recipient("string")
    .schema("string")
    .share("string")
    .storageCredential("string")
    .table("string")
    .volume("string")
    .build());
Copy
grant_resource = databricks.Grant("grantResource",
    principal="string",
    privileges=["string"],
    function="string",
    credential="string",
    catalog="string",
    metastore="string",
    model="string",
    pipeline="string",
    external_location="string",
    foreign_connection="string",
    recipient="string",
    schema="string",
    share="string",
    storage_credential="string",
    table="string",
    volume="string")
Copy
const grantResource = new databricks.Grant("grantResource", {
    principal: "string",
    privileges: ["string"],
    "function": "string",
    credential: "string",
    catalog: "string",
    metastore: "string",
    model: "string",
    pipeline: "string",
    externalLocation: "string",
    foreignConnection: "string",
    recipient: "string",
    schema: "string",
    share: "string",
    storageCredential: "string",
    table: "string",
    volume: "string",
});
Copy
type: databricks:Grant
properties:
    catalog: string
    credential: string
    externalLocation: string
    foreignConnection: string
    function: string
    metastore: string
    model: string
    pipeline: string
    principal: string
    privileges:
        - string
    recipient: string
    schema: string
    share: string
    storageCredential: string
    table: string
    volume: string
Copy

Grant Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Grant resource accepts the following input properties:

Principal
This property is required.
Changes to this property will trigger replacement.
string
Privileges This property is required. List<string>
Catalog Changes to this property will trigger replacement. string
Credential Changes to this property will trigger replacement. string
ExternalLocation Changes to this property will trigger replacement. string
ForeignConnection Changes to this property will trigger replacement. string
Function Changes to this property will trigger replacement. string
Metastore Changes to this property will trigger replacement. string
Model Changes to this property will trigger replacement. string
Pipeline Changes to this property will trigger replacement. string
Recipient Changes to this property will trigger replacement. string
Schema Changes to this property will trigger replacement. string
Share Changes to this property will trigger replacement. string
StorageCredential Changes to this property will trigger replacement. string
Table Changes to this property will trigger replacement. string
Volume Changes to this property will trigger replacement. string
Principal
This property is required.
Changes to this property will trigger replacement.
string
Privileges This property is required. []string
Catalog Changes to this property will trigger replacement. string
Credential Changes to this property will trigger replacement. string
ExternalLocation Changes to this property will trigger replacement. string
ForeignConnection Changes to this property will trigger replacement. string
Function Changes to this property will trigger replacement. string
Metastore Changes to this property will trigger replacement. string
Model Changes to this property will trigger replacement. string
Pipeline Changes to this property will trigger replacement. string
Recipient Changes to this property will trigger replacement. string
Schema Changes to this property will trigger replacement. string
Share Changes to this property will trigger replacement. string
StorageCredential Changes to this property will trigger replacement. string
Table Changes to this property will trigger replacement. string
Volume Changes to this property will trigger replacement. string
principal
This property is required.
Changes to this property will trigger replacement.
String
privileges This property is required. List<String>
catalog Changes to this property will trigger replacement. String
credential Changes to this property will trigger replacement. String
externalLocation Changes to this property will trigger replacement. String
foreignConnection Changes to this property will trigger replacement. String
function Changes to this property will trigger replacement. String
metastore Changes to this property will trigger replacement. String
model Changes to this property will trigger replacement. String
pipeline Changes to this property will trigger replacement. String
recipient Changes to this property will trigger replacement. String
schema Changes to this property will trigger replacement. String
share Changes to this property will trigger replacement. String
storageCredential Changes to this property will trigger replacement. String
table Changes to this property will trigger replacement. String
volume Changes to this property will trigger replacement. String
principal
This property is required.
Changes to this property will trigger replacement.
string
privileges This property is required. string[]
catalog Changes to this property will trigger replacement. string
credential Changes to this property will trigger replacement. string
externalLocation Changes to this property will trigger replacement. string
foreignConnection Changes to this property will trigger replacement. string
function Changes to this property will trigger replacement. string
metastore Changes to this property will trigger replacement. string
model Changes to this property will trigger replacement. string
pipeline Changes to this property will trigger replacement. string
recipient Changes to this property will trigger replacement. string
schema Changes to this property will trigger replacement. string
share Changes to this property will trigger replacement. string
storageCredential Changes to this property will trigger replacement. string
table Changes to this property will trigger replacement. string
volume Changes to this property will trigger replacement. string
principal
This property is required.
Changes to this property will trigger replacement.
str
privileges This property is required. Sequence[str]
catalog Changes to this property will trigger replacement. str
credential Changes to this property will trigger replacement. str
external_location Changes to this property will trigger replacement. str
foreign_connection Changes to this property will trigger replacement. str
function Changes to this property will trigger replacement. str
metastore Changes to this property will trigger replacement. str
model Changes to this property will trigger replacement. str
pipeline Changes to this property will trigger replacement. str
recipient Changes to this property will trigger replacement. str
schema Changes to this property will trigger replacement. str
share Changes to this property will trigger replacement. str
storage_credential Changes to this property will trigger replacement. str
table Changes to this property will trigger replacement. str
volume Changes to this property will trigger replacement. str
principal
This property is required.
Changes to this property will trigger replacement.
String
privileges This property is required. List<String>
catalog Changes to this property will trigger replacement. String
credential Changes to this property will trigger replacement. String
externalLocation Changes to this property will trigger replacement. String
foreignConnection Changes to this property will trigger replacement. String
function Changes to this property will trigger replacement. String
metastore Changes to this property will trigger replacement. String
model Changes to this property will trigger replacement. String
pipeline Changes to this property will trigger replacement. String
recipient Changes to this property will trigger replacement. String
schema Changes to this property will trigger replacement. String
share Changes to this property will trigger replacement. String
storageCredential Changes to this property will trigger replacement. String
table Changes to this property will trigger replacement. String
volume Changes to this property will trigger replacement. String

Outputs

All input properties are implicitly available as output properties. Additionally, the Grant resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing Grant Resource

Get an existing Grant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GrantState, opts?: CustomResourceOptions): Grant
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        catalog: Optional[str] = None,
        credential: Optional[str] = None,
        external_location: Optional[str] = None,
        foreign_connection: Optional[str] = None,
        function: Optional[str] = None,
        metastore: Optional[str] = None,
        model: Optional[str] = None,
        pipeline: Optional[str] = None,
        principal: Optional[str] = None,
        privileges: Optional[Sequence[str]] = None,
        recipient: Optional[str] = None,
        schema: Optional[str] = None,
        share: Optional[str] = None,
        storage_credential: Optional[str] = None,
        table: Optional[str] = None,
        volume: Optional[str] = None) -> Grant
func GetGrant(ctx *Context, name string, id IDInput, state *GrantState, opts ...ResourceOption) (*Grant, error)
public static Grant Get(string name, Input<string> id, GrantState? state, CustomResourceOptions? opts = null)
public static Grant get(String name, Output<String> id, GrantState state, CustomResourceOptions options)
resources:  _:    type: databricks:Grant    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Catalog Changes to this property will trigger replacement. string
Credential Changes to this property will trigger replacement. string
ExternalLocation Changes to this property will trigger replacement. string
ForeignConnection Changes to this property will trigger replacement. string
Function Changes to this property will trigger replacement. string
Metastore Changes to this property will trigger replacement. string
Model Changes to this property will trigger replacement. string
Pipeline Changes to this property will trigger replacement. string
Principal Changes to this property will trigger replacement. string
Privileges List<string>
Recipient Changes to this property will trigger replacement. string
Schema Changes to this property will trigger replacement. string
Share Changes to this property will trigger replacement. string
StorageCredential Changes to this property will trigger replacement. string
Table Changes to this property will trigger replacement. string
Volume Changes to this property will trigger replacement. string
Catalog Changes to this property will trigger replacement. string
Credential Changes to this property will trigger replacement. string
ExternalLocation Changes to this property will trigger replacement. string
ForeignConnection Changes to this property will trigger replacement. string
Function Changes to this property will trigger replacement. string
Metastore Changes to this property will trigger replacement. string
Model Changes to this property will trigger replacement. string
Pipeline Changes to this property will trigger replacement. string
Principal Changes to this property will trigger replacement. string
Privileges []string
Recipient Changes to this property will trigger replacement. string
Schema Changes to this property will trigger replacement. string
Share Changes to this property will trigger replacement. string
StorageCredential Changes to this property will trigger replacement. string
Table Changes to this property will trigger replacement. string
Volume Changes to this property will trigger replacement. string
catalog Changes to this property will trigger replacement. String
credential Changes to this property will trigger replacement. String
externalLocation Changes to this property will trigger replacement. String
foreignConnection Changes to this property will trigger replacement. String
function Changes to this property will trigger replacement. String
metastore Changes to this property will trigger replacement. String
model Changes to this property will trigger replacement. String
pipeline Changes to this property will trigger replacement. String
principal Changes to this property will trigger replacement. String
privileges List<String>
recipient Changes to this property will trigger replacement. String
schema Changes to this property will trigger replacement. String
share Changes to this property will trigger replacement. String
storageCredential Changes to this property will trigger replacement. String
table Changes to this property will trigger replacement. String
volume Changes to this property will trigger replacement. String
catalog Changes to this property will trigger replacement. string
credential Changes to this property will trigger replacement. string
externalLocation Changes to this property will trigger replacement. string
foreignConnection Changes to this property will trigger replacement. string
function Changes to this property will trigger replacement. string
metastore Changes to this property will trigger replacement. string
model Changes to this property will trigger replacement. string
pipeline Changes to this property will trigger replacement. string
principal Changes to this property will trigger replacement. string
privileges string[]
recipient Changes to this property will trigger replacement. string
schema Changes to this property will trigger replacement. string
share Changes to this property will trigger replacement. string
storageCredential Changes to this property will trigger replacement. string
table Changes to this property will trigger replacement. string
volume Changes to this property will trigger replacement. string
catalog Changes to this property will trigger replacement. str
credential Changes to this property will trigger replacement. str
external_location Changes to this property will trigger replacement. str
foreign_connection Changes to this property will trigger replacement. str
function Changes to this property will trigger replacement. str
metastore Changes to this property will trigger replacement. str
model Changes to this property will trigger replacement. str
pipeline Changes to this property will trigger replacement. str
principal Changes to this property will trigger replacement. str
privileges Sequence[str]
recipient Changes to this property will trigger replacement. str
schema Changes to this property will trigger replacement. str
share Changes to this property will trigger replacement. str
storage_credential Changes to this property will trigger replacement. str
table Changes to this property will trigger replacement. str
volume Changes to this property will trigger replacement. str
catalog Changes to this property will trigger replacement. String
credential Changes to this property will trigger replacement. String
externalLocation Changes to this property will trigger replacement. String
foreignConnection Changes to this property will trigger replacement. String
function Changes to this property will trigger replacement. String
metastore Changes to this property will trigger replacement. String
model Changes to this property will trigger replacement. String
pipeline Changes to this property will trigger replacement. String
principal Changes to this property will trigger replacement. String
privileges List<String>
recipient Changes to this property will trigger replacement. String
schema Changes to this property will trigger replacement. String
share Changes to this property will trigger replacement. String
storageCredential Changes to this property will trigger replacement. String
table Changes to this property will trigger replacement. String
volume Changes to this property will trigger replacement. String

Import

The resource can be imported using combination of securable type (table, catalog, foreign_connection, …), it’s name and principal:

bash

$ pulumi import databricks:index/grant:Grant this catalog/abc/user_name
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
databricks pulumi/pulumi-databricks
License
Apache-2.0
Notes
This Pulumi package is based on the databricks Terraform Provider.