Problem
When working with Delta Live Table (DLT) pipelines, you want to grant SELECT permissions to specific user groups on a subset of pipeline-owned, dynamically-created streaming tables, rather than all the tables in the DLT pipeline.
Cause
The current functionality within Databricks does not support granting permissions directly from within the DLT pipeline for tables that are created dynamically.
Tables are created based on the configuration files, and the permissions need to be managed outside the pipeline.
Solution
- Run the DLT pipeline once to create the necessary views and tables.
- After the first run, manually grant SELECT permissions to the specific user groups on the newly created tables. This can be done using Databricks SQL with the following command.
GRANT SELECT ON <your-streaming-table-in-3-level-namespace> TO `<your-user>`
Alternatively, you can use the Catalog UI. Refer to the instructions in the Grant permissions on objects in a Unity Catalog metastore section of the Manage privileges in Unity Catalog (AWS | Azure | GCP) documentation.
Note
Note that after you have granted permissions on your pipeline tables, those permissions persist between pipeline runs. You do not need to repeat the steps to set permissions each time.