# Lecture 36. Managing Permissions (Hands On)

In this demo, we will explore how to manage permissions for **databases**, **tables**, and **views** in **Databricks SQL**.

### Navigating to Databricks SQL Workspace

Navigate to the **Databricks SQL Workspace**.  
Make sure that your **SQL warehouse** is running.  
Now, navigate to the **SQL editor** in the left sidebar.

### Creating a Database and Table

In this demo, we will create a database called `HR_DB`.  
Within this database, we will create a table called `employees` with `ID`, `name`, `salary`, and `city` columns.  
Then, we will insert some data into this table.  
Lastly, we will create a view for `employees` in **Paris city**.

Let us run these commands.

---

### Configuring Permissions for Other Users

Now, in order to allow other users to access this new database and table, let us configure their permissions.  
We will create a new query.

Let us start by granting several privileges on the whole `HR_DB` database to a group of users called **HR Team**.  
So, all the members in this group will have the ability to:

- **Read** and **modify** the data.
- Access **metadata information**.
- Create a new object like tables and views in this database.

Let us run this command.  
Great. Now, the **HR team** has the necessary privileges.

However, for users to perform any action on a database object, they must have an additional privilege, which is the **USAGE** privilege.  
Without this privilege, the objects in the database cannot be used.

We can run a specific SQL command simply by selecting it and clicking **Run Selected**.  
Great.

### Assigning Privileges to Individual Users

We can also assign privileges to individual users.  
Here, for example, we are granting **read access** on our view object to a user from outside of the **HR team**.  
Let us select this query and click **Run Selected**.  
Great.

---

### Reviewing Assigned Permissions

Lastly, let us review the assigned permissions using the `SHOW GRANTS` command.  
Yes, indeed, the **HR team** has all the granted privileges.  
And I am the **owner** of this database as I was the one who created it.

We can also show the granted privileges on our view.  
Here, we can see the user **Adam** indeed has the **SELECT** privilege on this view.  
And the **HR team** inherited the database privileges.

---

### Using Data Explorer for Permissions Management

In addition to the **SQL editor**, we can also use the **Data Explorer** to manage permissions.  
From the left-side navigator, select the **Data** tab to access the **Data Explorer**.

The **Data Explorer** allows users and admins to:

- Navigate different data objects like **databases**, **tables**, and **views**.
- Explore data schema, metadata, and history.
- Set and modify permissions.

From here, we can find the database we created previously.  
By clicking on the database name, it displays a list of the containing tables and views on the left-hand side.  
On the right, you will see some details about the database, like the **owner information**.

Use the **Permissions** tab to review who currently has permissions on this database.  
As expected, we see here the granted privileges for the **HR team** group.  
You can select a privilege here and click on **Revoke** to remove this privilege.  
The privilege has been successfully revoked.

---

### Changing the Owner

From here, we can also change the owner.  
If you click here, you have the option to **edit the owner**.  
An owner can be set as an individual or a group.

Let us set the owner to **admins**, which is the default group containing all workspace administrators.  
As you can see, the **admin group** now is the owner of this database.

---

### Granting Permissions to Users

Of course, from this window, you can also grant permissions.  
Let's say we would like to allow all users to review **metadata** about this database.  
We click the **Grant** button.  
We select **All Users** group.  
And we choose both **READ_METADATA** and **USAGE** privileges.  
Click on **Grant**.

Now, we see here the granted privileges to the **Users** group.

---

### Managing Permissions for Tables and Views

Similarly, we can manage permissions for tables and views.  
Simply, we click on the table name.  
Then, you click on the **Permissions** tab.  
From here, let us, for example, give all users the ability to query this table.

We click first on the **Grant** button.  
We select the **All Users** group.  
And we choose the **SELECT** privilege.  
Lastly, we click **Grant**.  
Now, all users can query this table.

Great.

---

### Data Explorer Limitations

As you can see, the **Data Explorer** is a really useful and powerful tool to manage your data objects.  
However, at present, only the **ANY FILE** object cannot be set from the **Data Explorer**.  
You need to use the **SQL editor** instead.

---

### Query History

What’s interesting about **Databricks SQL** is that you can see all the SQL queries run behind the **Data Explorer**.  
Simply, navigate to the **Query History** in the left sidebar.  
As you can see, **query history** shows all the queries run in the **Databricks SQL**, including the **Data Explorer**.

---

Great.  
That’s all about **Databricks SQL**.  
See you in the next video.