Applies to:
Databricks SQL
Databricks Runtime
A principal is a user, service principal, or group known to the metastore. Principals can be granted privileges and can own securable objects.
Syntax
{ `<user>@<domain-name>` |
`<sp-application-id>` |
group_name |
users |
`account users` }
Any object name that includes special characters, such as hyphens or dashes (-), must be surrounded by backticks (` `). Object names with underscores (_) don't require backticks. See Names.
Parameters
<user>@<domain-name>
An individual user. You must escape the identifier with backticks (`) because of the @ character in the username.
<sp-application-id>
A service principal, specified by its applicationId value. You must escape the identifier with backticks (`) because of the dash (-) characters in the ID.
group_name
An identifier that specifies a group of users or groups. You must escape the identifier with backticks (`) if the group name uses special characters, like dashes (-).
users
The root group to which all users in the workspace belong. You cannot grant the users group privileges on securable objects in Unity Catalog because it is a workspace-local group.
account users
The root group to which all users in the account belong. You must escape the identifier with backticks (`) because of the blank space character.
Workspace-local and account groups
Azure Databricks has the concept of account groups and workspace-local groups, with special behaviors:
- Account groups can be created by account admins and workspace admins of identity-federated workspaces. They can be granted access to identity-federated workspaces and privileges on securable objects in Unity Catalog.
- Workspace-local groups can be created only by workspace admins. These groups are identified as workspace-local in the workspace admin settings page and on the workspace Permissions tab in the account console. Workspace-local groups cannot be assigned to additional workspaces or granted privileges on securable objects in Unity Catalog. The system groups users and admins are workspace-local groups.
Examples
-- Granting a privilege to the user alf@melmak.et
> GRANT SELECT ON TABLE t TO `alf@melmak.et`;
-- Granting a privilege to the service principal fab9e00e-ca35-11ec-9d64-0242ac120002
> GRANT SELECT ON TABLE t TO `fab9e00e-ca35-11ec-9d64-0242ac120002`;
-- Revoking a privilege from the general public group.
> REVOKE SELECT ON TABLE t FROM `account users`;
-- Transferring ownership of an object to `some-group`
> ALTER SCHEMA some_schema OWNER TO `some-group`;
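
The quoting rules and the workspace-local restriction above, applied where GRANT statements are generated by a script rather than typed by hand. This is an added example, not Databricks code: the function names and the privilege allowlist are assumptions, every identifier is backtick-quoted whether or not it strictly needs it, and names containing a backtick or control character are rejected instead of escaped.

```python
import re

# System groups this page identifies as workspace-local; they cannot be
# granted privileges on Unity Catalog securables.
WORKSPACE_LOCAL = {"users", "admins"}

# Assumption: the privileges this hypothetical provisioning script may emit.
ALLOWED_PRIVILEGES = {"SELECT", "MODIFY"}

# Anything except a backtick or an ASCII control character.
_SAFE = re.compile(r"[^`\x00-\x1f\x7f]+")


def quote_identifier(name):
    """Backtick-delimit one identifier, refusing input that could end the quoting."""
    if not isinstance(name, str) or not name or name != name.strip():
        raise ValueError(f"empty or padded identifier: {name!r}")
    if not _SAFE.fullmatch(name):
        raise ValueError(f"backtick or control character in identifier: {name!r}")
    return f"`{name}`"


def quote_principal(principal, unity_catalog=True):
    """Quote a user, service principal or group name for GRANT/REVOKE.

    Quoting covers the '@' in user names, the dashes in application IDs
    and the space in 'account users'.
    """
    quoted = quote_identifier(principal)
    # Assumption: group names are compared case-insensitively.
    if unity_catalog and principal.lower() in WORKSPACE_LOCAL:
        raise ValueError(f"{principal!r} is workspace-local; use an account group")
    return quoted


def grant_statement(privilege, table_parts, principal):
    """Build 'GRANT <privilege> ON TABLE <name> TO <principal>;' from untrusted names."""
    priv = privilege.upper()
    if priv not in ALLOWED_PRIVILEGES:
        raise ValueError(f"privilege not allowed: {privilege!r}")
    table = ".".join(quote_identifier(part) for part in table_parts)
    return f"GRANT {priv} ON TABLE {table} TO {quote_principal(principal)};"


if __name__ == "__main__":
    # Principals taken from the examples on this page.
    for p in ("alf@melmak.et", "fab9e00e-ca35-11ec-9d64-0242ac120002", "account users"):
        print(grant_statement("SELECT", ["t"], p))
```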