In [0]:
-- =========================================================
-- PURPOSE:
-- Grant read-only access on BankOf420 catalog to
-- data_engineering_team for learning and analytics
-- =========================================================


-- ---------------------------------------------------------
-- 1) CATALOG ACCESS
-- Allows the group to SEE the catalog in Databricks
-- Without this, schemas and tables are invisible
-- ---------------------------------------------------------
GRANT USE CATALOG ON CATALOG bankOf420
TO `data_engineering_team`;


-- ---------------------------------------------------------
-- 2) SCHEMA ACCESS
-- Allows the group to SEE schemas inside the catalog
-- Required before granting table-level access
-- ---------------------------------------------------------

-- Core banking data (accounts, transactions)
GRANT USE SCHEMA ON SCHEMA bankOf420.bank_core
TO `data_engineering_team`;

-- Loan and repayment data
GRANT USE SCHEMA ON SCHEMA bankOf420.bank_loans
TO `data_engineering_team`;

-- Customer and employee master data
GRANT USE SCHEMA ON SCHEMA bankOf420.bank_master
TO `data_engineering_team`;

-- Card-related data
GRANT USE SCHEMA ON SCHEMA bankOf420.bank_cards
TO `data_engineering_team`;

-- Branch / ATM / infrastructure reference data
GRANT USE SCHEMA ON SCHEMA bankOf420.bank_infrastructure
TO `data_engineering_team`;


-- ---------------------------------------------------------
-- 3) TABLE-LEVEL READ ACCESS
-- Allows the group to QUERY data using SELECT
-- Best practice: read-only for practice environments
-- ---------------------------------------------------------

-- Transaction history for analytics & aggregation
GRANT SELECT ON TABLE bankOf420.bank_core.transactions
TO `data_engineering_team`;

-- Customer master for joins and enrichment
GRANT SELECT ON TABLE bankOf420.bank_master.customers
TO `data_engineering_team`;

-- Account details for balance and account analysis
GRANT SELECT ON TABLE bankOf420.bank_core.accounts
TO `data_engineering_team`;


-- ---------------------------------------------------------
-- 4) (OPTIONAL BUT RECOMMENDED)
-- Automatically grant SELECT on any NEW tables created
-- in these schemas in the future
-- ---------------------------------------------------------

GRANT SELECT ON FUTURE TABLES IN SCHEMA bankOf420.bank_core
TO `data_engineering_team`;

GRANT SELECT ON FUTURE TABLES IN SCHEMA bankOf420.bank_loans
TO `data_engineering_team`;

GRANT SELECT ON FUTURE TABLES IN SCHEMA bankOf420.bank_master
TO `data_engineering_team`;

GRANT SELECT ON FUTURE TABLES IN SCHEMA bankOf420.bank_cards
TO `data_engineering_team`;

GRANT SELECT ON FUTURE TABLES IN SCHEMA bankOf420.bank_infrastructure
TO `data_engineering_team`;


-- ---------------------------------------------------------
-- 5) VERIFICATION
-- Check all permissions granted to the group
-- ---------------------------------------------------------
SHOW GRANTS TO `data_engineering_team`;
