2 changes: 2 additions & 0 deletions NEXT_CHANGELOG.md
Expand Up @@ -10,6 +10,8 @@

### Documentation

* Clarify scope of `databricks_grant`, reword reference to principals ([#5182](https://github.com/databricks/terraform-provider-databricks/pull/5182)).

### Exporter

### Internal Changes
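
Review bot: The new Documentation entry names only `databricks_grant`, but the same "referred to as principals" rewording is applied to docs/resources/grants.md in this PR as well. Consider wording the entry so both resources are covered, for example "Clarify scope of `databricks_grant`, reword reference to principals in `databricks_grant` and `databricks_grants`", so that a changelog reader can tell the `databricks_grants` page changed too.
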
4 changes: 2 additions & 2 deletions docs/resources/grant.md
Expand Up @@ -7,9 +7,9 @@ subcategory: "Unity Catalog"

-> Most of Unity Catalog APIs are only accessible via **workspace-level APIs**. This design may change in the future. Account-level principal grants can be assigned with any valid workspace as the Unity Catalog is decoupled from specific workspaces. More information in [the official documentation](https://docs.databricks.com/data-governance/unity-catalog/index.html).

~> This resource is _authoritative_ for grants on securables for a given _singular_ principal. Configuring this resource for a securable will **OVERWRITE** any existing grants for the principal and changes made outside of Terraform will be reset. Use [databricks_grants](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) for authoritative control of all grants on a securable.
~> This resource is _authoritative_ for the privilege grants for a given securable and a given principal. Configuring this resource for a securable and a principal will **OVERWRITE** any existing privilege grants for this securable and this principal, and changes made outside of Terraform will be reset. Use [databricks_grants](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) for authoritative control of all grants on a securable, across all users.

In Unity Catalog all users initially have no access to data. Only Metastore Admins can create objects and can grant/revoke access on individual objects to users and groups. Every securable object in Unity Catalog has an owner. The owner can be any account-level user or group, called principals in general. The principal that creates an object becomes its owner. Owners receive `ALL_PRIVILEGES` on the securable object (e.g., `SELECT` and `MODIFY` on a table), as well as the permission to grant privileges to other principals.
In Unity Catalog all users initially have no access to data. Only Metastore Admins can create objects and can grant/revoke access on individual objects to users and groups. Every securable object in Unity Catalog has an owner. The owner can be any account-level user or group, referred to as principals. The principal that creates an object becomes its owner. Owners receive `ALL_PRIVILEGES` on the securable object (e.g., `SELECT` and `MODIFY` on a table), as well as the permission to grant privileges to other principals.

Securable objects are hierarchical and privileges are inherited downward. The highest level object that privileges are inherited from is the catalog. This means that granting a privilege on a catalog or schema automatically grants the privilege to all current and future objects within the catalog or schema. Privileges that are granted on a metastore are not inherited.
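
Review bot: In the rewritten `~>` warning, the closing phrase "across all users" is narrower than the term the next paragraph defines, where principals are "any account-level user or group". A reader could take "all users" to mean that grants to groups are left alone by `databricks_grants`, which is not what that resource's own warning says ("**OVERWRITE** any existing grants"). Suggest "across all principals", which also matches "a given principal" earlier in the same sentence. Separately, in "The owner can be any account-level user or group, referred to as principals", the participle attaches to "owner"; a standalone sentence such as "Account-level users and groups are referred to as principals." reads more cleanly, and the same applies to the identical sentence in grants.md.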

2 changes: 1 addition & 1 deletion docs/resources/grants.md
Expand Up @@ -9,7 +9,7 @@ subcategory: "Unity Catalog"

~> This resource is _authoritative_ for grants on securables. Configuring this resource for a securable will **OVERWRITE** any existing grants and changes made outside of Terraform will be reset. Use [databricks_grant](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grant) for more granular grant management.

In Unity Catalog all users initially have no access to data. Only Metastore Admins can create objects and can grant/revoke access on individual objects to users and groups. Every securable object in Unity Catalog has an owner. The owner can be any account-level user or group, called principals in general. The principal that creates an object becomes its owner. Owners receive `ALL_PRIVILEGES` on the securable object (e.g., `SELECT` and `MODIFY` on a table), as well as the permission to grant privileges to other principals.
In Unity Catalog all users initially have no access to data. Only Metastore Admins can create objects and can grant/revoke access on individual objects to users and groups. Every securable object in Unity Catalog has an owner. The owner can be any account-level user or group, referred to as principals. The principal that creates an object becomes its owner. Owners receive `ALL_PRIVILEGES` on the securable object (e.g., `SELECT` and `MODIFY` on a table), as well as the permission to grant privileges to other principals.

Securable objects are hierarchical and privileges are inherited downward. The highest level object that privileges are inherited from is the catalog. This means that granting a privilege on a catalog or schema automatically grants the privilege to all current and future objects within the catalog or schema. Privileges that are granted on a metastore are not inherited.
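
Review bot: The `~>` warning at the top of this hunk is left unchanged, so the two pages now describe scope asymmetrically: grant.md spells out "for this securable and this principal", while this page still says only "**OVERWRITE** any existing grants". Suggest stating here that the overwrite applies to every principal on the securable, and describing `databricks_grant` as the per-principal alternative rather than "more granular grant management", so the choice between the two resources is clear from either page.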
