Exam Certified Data Engineer Associate topic 1 question 45 discussion

E is the correct answer.

GRANT USAGE, answer E is correct. I dont see such privilage as GRANT VIEW https://docs.databricks.com/en/sql/language-manual/sql-ref-privileges.html#privilege-types

The response is E

E is correct A: GRANT VIEW ON CATALOG is not a valid syntax in many SQL environments for database-level access. B: GRANT CREATE ON DATABASE customers would grant the team the ability to create objects in the database, which is more than just viewing the existing tables. C: This command incorrectly reverses the order of the team and the customers database. D: This would grant creation privileges on the team's database to the customers group, which is not relevant to the scenario.

E is correct

The question is asking "The team will need access to database customers in order to see what tables already exist." The presumption is, hoever, the team already has usage privilege on the catalog containing the database.

Customers is a Database and not a catalog. The three-space naming convention has Catalog at the top level(catalog.database(schema).table). So granting a usage on catalog will expose other objects.

Option A, "GRANT VIEW ON CATALOG customers TO team," grants the privilege to view the catalog but not access the database's tables, so it might not fulfill the requirement of seeing the existing tables in the database. So answer is E

E. It can NOT be A. You can GRANT SELECT, but you cannot GRANT VIEW. VIEW is a securable OBJECT and not a PRIVILEGE TYPE, so you cannot grant it. See also https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/manage-privileges/privileges

It's A....I got 100% on the Data Governance section...it's A

A. GRANT VIEW ON CATALOG customers TO team; To grant the new data engineering team the necessary permission to view the tables that exist in the "customers" database, you can use the GRANT VIEW ON CATALOG command as shown in option A. This command allows the team to see the metadata and information about the tables in the specified catalog or database, which is what you want in this case. Option B grants the CREATE privilege on the "customers" database to the team, which is not necessary for simply viewing existing tables. Option C and Option D have the syntax reversed, attempting to grant permissions from the team to the "customers" database, which is not the desired action. Option E grants USAGE privilege on the "customers" database to the team, which allows them to use the database but may not provide the necessary view permissions to see existing tables.

SOURCE : https://docs.databricks.com/en/sql/language-manual/security-grant.html The perfect answer would be : GRANT SHOW METADATA ON DATABASE customers TO team But because, it is not suggested, we need to find an impertect answer allowing listing tables on database customers for project team's group : team A. GRANT VIEW ON CATALOG customers TO team -- Incorrect : "GRANT VIEW" does not exist B. GRANT CREATE ON DATABASE customers TO team -- Correct : only possible answer by elimitation. C. GRANT USAGE ON CATALOG team TO customers -- Incorrect : "GRANT USAGE" does not allow listing tables D. GRANT CREATE ON DATABASE team TO customers -- Incorrect : "team" and "customers" are inverted E. GRANT USAGE ON DATABASE customers TO team -- Incorrect : "GRANT USAGE" does not allow listing tables

The correct answer is E. GRANT ALL PRIVILEGES ON DATABASE customers TO team; The GRANT statement is used to grant privileges on a database, table, or view to a user or role. The ALL PRIVILEGES option grants all possible privileges on the specified object, such as CREATE, SELECT, MODIFY, and USAGE. The syntax of the GRANT statement is: GRANT privilege_type ON object TO user_or_role; Therefore, to grant full permissions on the database customers to the new data engineering team, the command should be: GRANT ALL PRIVILEGES ON DATABASE customers TO team; Option A is incorrect because it only grants the USAGE privilege, which allows the team to access the database but not to create or modify any tables or views in it.

E The GRANT USAGE ON DATABASE command grants the USAGE privilege on the specified database to the specified group. The USAGE privilege allows the group to see the tables that exist in the database, but it does not allow them to do anything else with the database. The other commands are incorrect. The GRANT VIEW ON CATALOG command grants the VIEW privilege on the specified catalog to the specified group. The CREATE privilege allows the group to create new tables in the database. The USAGE privilege on the CATALOG does not exist.

The correct is GRANT both "USAGE" and "SELECT" on DATABASE CUSTOMERS TO TEAMS

e is the right answer

Think the Answer is E. The privilege types are CREATE, MODIFY, READ_METADATA, SELECT and USAGE. There is no such thing as GRANT VIEW. (it can however be GRANT <p-type> ON VIEW TO <team>). For our use case we want to GRANT USAGE for reading the Database. C has wrong syntax.