Introduction
You want to implement strict access restrictions on system tables to limit user visibility exclusively to data associated with their designated workspace.
By default, system tables contain comprehensive data from all workspaces linked to a metastore. As a result, you cannot put restrictions directly on system tables.
Instructions
Instead, create a view on top of the system table using the following example.
CREATE VIEW <your-view-name> AS
SELECT *
FROM system.access.audit
WHERE workspace_id = '<your-workspace-id>';
Then, grant privileges on the view to users who require access to this data. Note that the owner of the view must have access to the underlying system table (for example, system.access.audit).
For details, review the “Requirements for querying views” section of the What is a view? (AWS | Azure | GCP) documentation.
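The two steps above carried through end to end, as an added example that is not part of the original article. The catalog `governance`, schema `audit_views`, view `workspace_audit` and group `workspace-analysts` are assumed names, and the catalog is assumed to exist already; `<your-workspace-id>` is the article's own placeholder.

```sql
-- Added example. Assumed names: governance, audit_views, workspace_audit,
-- workspace-analysts. Run as a principal that can read system.access.audit,
-- because the view owner must have access to the underlying system table.

-- Keep the view outside the system catalog so it can be granted separately.
CREATE SCHEMA IF NOT EXISTS governance.audit_views;

CREATE VIEW governance.audit_views.workspace_audit AS
SELECT *
FROM system.access.audit
WHERE workspace_id = '<your-workspace-id>';

-- Readers need the parent catalog and schema privileges plus SELECT on the view.
-- They are granted nothing on system.access itself.
GRANT USE CATALOG ON CATALOG governance TO `workspace-analysts`;
GRANT USE SCHEMA ON SCHEMA governance.audit_views TO `workspace-analysts`;
GRANT SELECT ON VIEW governance.audit_views.workspace_audit TO `workspace-analysts`;

-- Check 1: the group should hold no privileges on the system schema,
-- otherwise its members can bypass the view and read every workspace.
SHOW GRANTS `workspace-analysts` ON SCHEMA system.access;

-- Check 2: review who can read the view.
SHOW GRANTS ON VIEW governance.audit_views.workspace_audit;

-- Check 3: run as a member of the group. Exactly one workspace_id
-- should come back, matching the value used in the WHERE clause.
SELECT workspace_id, COUNT(*) AS events
FROM governance.audit_views.workspace_audit
GROUP BY workspace_id;
```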