Skip to content

Commit c5ed423

Browse files
qziyuanqziyuan
authored
Do not migrate READ_METADATA to BROWSE on tables and schemas (#2022)
## Changes UC only support BROWSE privilege on catalog object. Translate legacy hive_metastore privilege READ_METADATA on tables and databases to BROWSE privilege on UC tables and schemas will fail and cause error messages in the migrate tables workflow logs, such error messages will confuse the users.
1 parent eae95ad commit c5ed423

File tree

2 files changed

+1
-4
lines changed

2 files changed

+1
-4
lines changed

src/databricks/labs/ucx/hive_metastore/grants.py

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -167,19 +167,16 @@ def uc_grant_sql(self, object_type: str | None = None, object_key: str | None =
167167
("FUNCTION", "SELECT"): self._uc_action("EXECUTE"),
168168
("TABLE", "SELECT"): self._uc_action("SELECT"),
169169
("TABLE", "MODIFY"): self._uc_action("MODIFY"),
170-
("TABLE", "READ_METADATA"): self._uc_action("BROWSE"),
171170
("TABLE", "ALL PRIVILEGES"): self._uc_action("ALL PRIVILEGES"),
172171
("TABLE", "OWN"): self._set_owner_sql,
173172
("VIEW", "SELECT"): self._uc_action("SELECT"),
174-
("VIEW", "READ_METADATA"): self._uc_action("BROWSE"),
175173
("VIEW", "OWN"): self._set_owner_sql,
176174
("DATABASE", "USAGE"): self._uc_action("USE SCHEMA"),
177175
("DATABASE", "CREATE"): self._uc_action("CREATE TABLE"),
178176
("DATABASE", "CREATE_NAMED_FUNCTION"): self._uc_action("CREATE FUNCTION"),
179177
("DATABASE", "SELECT"): self._uc_action("SELECT"),
180178
("DATABASE", "MODIFY"): self._uc_action("MODIFY"),
181179
("DATABASE", "OWN"): self._set_owner_sql,
182-
("DATABASE", "READ_METADATA"): self._uc_action("BROWSE"),
183180
("CATALOG", "OWN"): self._set_owner_sql,
184181
("CATALOG", "USAGE"): self._uc_action("USE CATALOG"),
185182
}

tests/unit/hive_metastore/test_grants.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@ def test_hive_deny_sql():
117117
[
118118
(
119119
Grant("user", "READ_METADATA", catalog="hive_metastore", database="mydb", table="mytable"),
120-
"GRANT BROWSE ON TABLE hive_metastore.mydb.mytable TO `user`",
120+
None,
121121
),
122122
(
123123
Grant("me", "OWN", catalog="hive_metastore", database="mydb", table="mytable"),

0 commit comments

Comments
 (0)