## 🏗️ Creating Database and Table

- Create a database named **`HR DB`**.
- Define a table called **`employees`** with the following columns:
  - `ID`
  - `Name`
  - `Salary`
  - `City`
- Insert sample data into the `employees` table for demonstration purposes.

In [0]:
CREATE DATABASE IF NOT EXISTS hive_metastore.hr_db
LOCATION 'dbfs:/mnt/demo/hr_db.db';

In [0]:
CREATE TABLE hive_metastore.hr_db.employees (id INT, name STRING, salary DOUBLE, city STRING);

In [0]:
INSERT INTO hive_metastore.hr_db.employees
VALUES (1, "Anna", 2500, "Paris"),
       (2, "Thomas", 3000, "London"),
       (3, "Bilal", 3500, "Paris"),
       (4, "Maya", 2000, "Paris"),
       (5, "Sophie", 2500, "London"),
       (6, "Adam", 3500, "London"),
       (7, "Ali", 3000, "Paris");


## 👁️ Creating a View

- Create a **view** that filters employees located in **Paris**.
- This allows for focused querying and controlled data exposure.

In [0]:
CREATE VIEW hive_metastore.hr_db.paris_emplyees_vw
AS SELECT * FROM hive_metastore.hr_db.employees WHERE city = 'Paris';

## 🔐 Configuring Permissions
Setting permissions ensures proper data governance. Permissions are granted to the **`HR Team`** group, including:

- `SELECT` – Read data
- `MODIFY` – Update, delete, or insert data
- `READ_METADATA` – View table and schema details
- `CREATE` – Create new objects in the database
- `USAGE` – Required to interact with the database and its objects

> 🔸 **USAGE** is a foundational permission and must be granted to enable all other privileges.


In [0]:
GRANT SELECT, MODIFY, READ_METADATA, CREATE ON SCHEMA hive_metastore.hr_db TO hr_team;

In [0]:
GRANT USAGE ON SCHEMA hive_metastore.hr_db TO hr_team;

In [0]:
GRANT SELECT ON VIEW hive_metastore.hr_db.paris_emplyees_vw TO `adam@derar.cloud`;

In [0]:
SHOW GRANTS ON SCHEMA hive_metastore.hr_db;

In [0]:
SHOW GRANTS ON VIEW hive_metastore.hr_db.paris_emplyees_vw;

## 🧾 SQL Commands for Access Management

- Use `GRANT` statements to assign specific privileges to users or groups.
- Provide individual access to users outside of the `HR Team` when needed.
- Run `SHOW GRANTS` to view current privileges for users or objects.
- Confirm that the `HR Team` inherits privileges from the database owner role.
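
An added example (not part of the original notebook) of reviewing `SHOW GRANTS` results in Python: it flags principals that hold a privilege inside a schema without `USAGE` on that schema, and write privileges granted schema-wide. The row layout, the `memberships` map and the finding names are assumptions; the sample rows are constructed from the `GRANT` statements above.

```python
from collections import defaultdict

# Constructed rows: (principal, privilege, object_type, object_key).
# Assumption: rows are normalised to the keywords used in the GRANT statements;
# adapt the parsing to the columns your workspace's SHOW GRANTS returns.
SAMPLE_GRANTS = [
    ("hr_team", "SELECT", "SCHEMA", "hr_db"),
    ("hr_team", "MODIFY", "SCHEMA", "hr_db"),
    ("hr_team", "READ_METADATA", "SCHEMA", "hr_db"),
    ("hr_team", "CREATE", "SCHEMA", "hr_db"),
    ("hr_team", "USAGE", "SCHEMA", "hr_db"),
    ("adam@derar.cloud", "SELECT", "VIEW", "hr_db.paris_emplyees_vw"),
]

WRITE_PRIVILEGES = {"MODIFY", "CREATE"}


def schema_of(object_type, object_key):
    """Return the schema a grant applies to (the key itself for schema grants)."""
    return object_key if object_type == "SCHEMA" else object_key.split(".")[0]


def audit_grants(rows, memberships=None):
    """Return sorted (principal, schema, finding) tuples for review.

    memberships is a hypothetical map of user -> set of groups, used so that
    USAGE held by a group counts for its members.
    """
    memberships = memberships or {}
    usage = defaultdict(set)  # schema -> principals holding USAGE on it
    for principal, privilege, otype, key in rows:
        if privilege == "USAGE" and otype == "SCHEMA":
            usage[key].add(principal)

    findings = set()
    for principal, privilege, otype, key in rows:
        schema = schema_of(otype, key)
        holders = {principal} | memberships.get(principal, set())
        # A privilege without USAGE on the schema cannot be exercised.
        if privilege != "USAGE" and not holders & usage[schema]:
            findings.add((principal, schema, "NO_USAGE"))
        # Write privileges on the whole schema cover every table and view in it.
        if privilege in WRITE_PRIVILEGES and otype == "SCHEMA":
            findings.add((principal, schema, "SCHEMA_WIDE_WRITE"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print(finding)
```

With the sample rows, the view grant to `adam@derar.cloud` is reported as `NO_USAGE` unless the `memberships` map places that user in a group that holds `USAGE` on `hr_db`.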

---

## 🧰 Using the Data Explorer Tool

Databricks **Data Explorer** provides a UI to manage access visually.

Tasks include:
- Reviewing and modifying permissions
- Revoking access from users or groups
- Changing database or object ownership
- Granting metadata access to **all users** for transparency

---

## 📋 Managing Table and View Permissions

- Permissions can also be set at the **table** and **view** level.
- Use Data Explorer to manage access quickly and intuitively.

---

## 📂 Managing the `ANY FILE` Object

- Permissions for accessing **unstructured or file-based data** via `ANY FILE` must be set using the **SQL editor**.
- This control allows fine-grained access to raw files in cloud storage.

---

## 🕵️ Query History Feature

- The **Query History** logs all SQL queries executed in the SQL workspace.
- Includes queries submitted via Data Explorer, allowing for auditing and transparency.

---

By leveraging Databricks SQL and its built-in governance tools, users can securely manage data access, create reusable views, and monitor all interactions with their data assets.