
Databricks object and endpoint permission

https://docs.databricks.com/dev-tools/api/latest/permissions.html

Object permissions and data permissions

Catalog conn with Databricks?? On DB cluster??


* Token — Manage which users can create or use tokens.
* Password — Manage which users can use password login when SSO is enabled.
* Cluster — Manage which users can manage, restart, or attach to clusters.
* Pool — Manage which users can manage or attach to pools. Some APIs and documentation refer to pools as instance pools.
* Job — Manage which users can view, manage, trigger, cancel, or own a job.
* DLT_Pipeline — Manage which users can view, manage, run, cancel, or own a Delta Live Tables pipeline.
* Notebook — Manage which users can read, run, edit, or manage a notebook.
* Directory — Manage which users can read, run, edit, or manage all notebooks in a directory.
* MLflow_Experiment — Manage which users can read, edit, or manage MLflow experiments.
* MLflow_Registered_Model — Manage which users can read, edit, or manage MLflow registered models.
* SQL_Endpoint — Manage which users can use or manage SQL endpoints.
* Repo — Manage which users can read, run, edit, or manage a repo.
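The object permissions above are what the Permissions API (linked at the top of these notes) returns for a given object. An added example, not Databricks code or part of the original notes: an offline audit over a constructed ACL in the shape of a GET /api/2.0/permissions/clusters/{cluster_id} response, flagging cluster grants that let a workspace-wide group manage or restart the cluster instead of merely attaching to it. The cluster id, principal names and the choice of "users" as the broad group are assumptions made for this example.

```python
"""Audit a Databricks cluster ACL for over-broad grants (added example).

The ACL below is constructed for this example and follows the response shape of
GET /api/2.0/permissions/clusters/{cluster_id}; the cluster id and principals are
placeholders, not real workspace values.
"""
from typing import Dict, List

# Constructed sample response: an inherited admin grant, a direct CAN_MANAGE for the
# workspace-wide "users" group, and a direct CAN_ATTACH_TO for one analyst.
SAMPLE_CLUSTER_ACL: Dict = {
    "object_id": "/clusters/EXAMPLE-CLUSTER-ID",
    "object_type": "cluster",
    "access_control_list": [
        {"group_name": "admins",
         "all_permissions": [{"permission_level": "CAN_MANAGE", "inherited": True,
                              "inherited_from_object": ["/clusters/"]}]},
        {"group_name": "users",
         "all_permissions": [{"permission_level": "CAN_MANAGE", "inherited": False}]},
        {"user_name": "analyst@example.com",
         "all_permissions": [{"permission_level": "CAN_ATTACH_TO", "inherited": False}]},
    ],
}

# Cluster levels that allow changing or restarting the cluster, not just using it
# (the page's "manage" and "restart" abilities).
PRIVILEGED_LEVELS = {"CAN_MANAGE", "CAN_RESTART"}
# Groups that contain every workspace user (assumption for this example).
BROAD_GROUPS = {"users"}


def permissions_url(host: str, object_type: str, object_id: str) -> str:
    """Build the Permissions API URL for one object; no request is made here."""
    return f"{host.rstrip('/')}/api/2.0/permissions/{object_type}/{object_id}"


def principal_of(entry: Dict) -> str:
    """An ACL entry names exactly one of a user, a group or a service principal."""
    for key in ("user_name", "group_name", "service_principal_name"):
        if key in entry:
            return entry[key]
    return "<unknown principal>"


def find_broad_grants(acl: Dict) -> List[Dict]:
    """Return privileged grants held by broad groups, direct or inherited."""
    findings = []
    for entry in acl.get("access_control_list", []):
        principal = principal_of(entry)
        for perm in entry.get("all_permissions", []):
            level = perm.get("permission_level")
            if principal in BROAD_GROUPS and level in PRIVILEGED_LEVELS:
                findings.append({"principal": principal, "level": level,
                                 "inherited": bool(perm.get("inherited", False))})
    return findings


def direct_grants(acl: Dict) -> List[Dict]:
    """Grants set on this object itself (not inherited from a parent such as /clusters/)."""
    return [{"principal": principal_of(e), "level": p.get("permission_level")}
            for e in acl.get("access_control_list", [])
            for p in e.get("all_permissions", [])
            if not p.get("inherited", False)]


if __name__ == "__main__":
    print(permissions_url("https://example.cloud.databricks.com", "clusters", "EXAMPLE-CLUSTER-ID"))
    for f in find_broad_grants(SAMPLE_CLUSTER_ACL):
        print("over-broad grant:", f)
```

Running the audit over the constructed ACL reports the direct CAN_MANAGE held by "users"; the admins entry is not reported because admins is not treated as a broad group, and the analyst's CAN_ATTACH_TO is not a privileged level. Pointing the same loop at a real response lists, per object, which grants were set directly and which arrived through inheritance, which is the information needed to tighten them.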

Data Permissions

- Unity Catalog data permissions (privileges)
  - USE_CATALOG: does not give any abilities, but is an additional requirement to perform any action on a catalog object.
  - USE_SCHEMA: does not give any abilities, but is an additional requirement to perform any action on a schema object.
  - SELECT: gives read access to a table, or to all tables in the object it is granted on.
  - CREATE_SCHEMA: gives ability to create table in object
  - CREATE_TABLE: gives ability to create table in object
- Hive Metastore data permissions (legacy): https://docs.databricks.com/security/access-control/table-acls/object-privileges.html#privileges
  - SELECT: gives read access to an object.
  - CREATE: gives ability to create an object (for example, a table in a schema).
  - MODIFY: gives ability to add, delete, and modify data to or from an object.
  - USAGE: does not give any abilities, but is an additional requirement to perform any action on a schema object.
  - READ_METADATA: gives ability to view an object and its metadata.
  - CREATE_NAMED_FUNCTION: gives ability to create a named UDF in an existing catalog or schema.
  - MODIFY_CLASSPATH: gives ability to add files to the Spark class path.
  - ALL PRIVILEGES: gives all privileges (is translated into all the above privileges).
  - Source page: "Hive metastore privileges and securable objects (legacy)", which covers how to set privileges on tables, schemas, views, functions, and subsets of these in Databricks.
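The point that recurs in both lists is that USE_CATALOG, USE_SCHEMA and USAGE grant nothing by themselves but are required before a SELECT (or any other privilege) on a table takes effect, and that a privilege granted on a schema covers the tables in it. An added example, not Databricks code or part of the original notes: a small resolver that applies those rules to a constructed grant table under both models, reporting which requirement is missing when a read is denied. The principal and object names are made up; the resolution rules are a simplified reading of the privilege descriptions in these notes, with ALL PRIVILEGES expanded only for the Hive Metastore model and a three-level "catalog.schema.table" name used for both (hive_metastore as the catalog for the legacy model).

```python
"""Resolve table read access under the Unity Catalog and legacy Hive Metastore
privilege models (added example; grants and names are constructed)."""
from typing import List, Set, Tuple

Grant = Tuple[str, str, str]  # (principal, securable object name, privilege)

# The Hive Metastore privileges listed in the notes; ALL PRIVILEGES expands to these.
HIVE_ALL: Set[str] = {"SELECT", "CREATE", "MODIFY", "USAGE", "READ_METADATA",
                      "CREATE_NAMED_FUNCTION", "MODIFY_CLASSPATH"}

# Constructed grant table (assumed names, not from any real workspace).
GRANTS: List[Grant] = [
    ("analyst", "prod", "USE_CATALOG"),
    ("analyst", "prod.sales", "USE_SCHEMA"),
    ("analyst", "prod.sales", "SELECT"),                   # schema-level SELECT covers its tables
    ("intern", "prod.sales.orders", "SELECT"),             # SELECT without USE_CATALOG/USE_SCHEMA
    ("etl", "hive_metastore.legacy", "USAGE"),
    ("etl", "hive_metastore.legacy", "ALL PRIVILEGES"),
    ("reader", "hive_metastore.legacy.events", "SELECT"),  # SELECT without USAGE on the schema
]


def privileges_on(grants: List[Grant], principal: str, obj: str, model: str) -> Set[str]:
    """Privileges `principal` holds on `obj`, including grants made on a parent
    object (a grant on "cat.schema" applies to "cat.schema.table")."""
    held: Set[str] = set()
    for p, o, priv in grants:
        if p == principal and (obj == o or obj.startswith(o + ".")):
            held.add(priv)
    if model == "hive" and "ALL PRIVILEGES" in held:
        held |= HIVE_ALL
    return held


def missing_for_select(grants: List[Grant], principal: str, table: str,
                       model: str) -> List[Tuple[str, str]]:
    """The (object, privilege) pairs still needed before `principal` can read `table`."""
    catalog, schema, _ = table.split(".")
    schema_name = f"{catalog}.{schema}"
    if model == "unity":
        # USE_CATALOG and USE_SCHEMA are the "additional requirement" privileges.
        required = [(catalog, "USE_CATALOG"), (schema_name, "USE_SCHEMA"), (table, "SELECT")]
    elif model == "hive":
        # USAGE on the schema is the "additional requirement" in the legacy model.
        required = [(schema_name, "USAGE"), (table, "SELECT")]
    else:
        raise ValueError(f"unknown model: {model}")
    return [(o, priv) for o, priv in required
            if priv not in privileges_on(grants, principal, o, model)]


def can_select(grants: List[Grant], principal: str, table: str, model: str) -> bool:
    return not missing_for_select(grants, principal, table, model)


if __name__ == "__main__":
    for principal, table, model in [("analyst", "prod.sales.orders", "unity"),
                                    ("intern", "prod.sales.orders", "unity"),
                                    ("etl", "hive_metastore.legacy.events", "hive"),
                                    ("reader", "hive_metastore.legacy.events", "hive")]:
        gap = missing_for_select(GRANTS, principal, table, model)
        print(f"{principal:8} {model:5} {table}: {'allowed' if not gap else 'denied, missing ' + str(gap)}")
```

On the constructed grants, the analyst reads prod.sales.orders through a schema-level SELECT, while the intern holds SELECT on the very same table and is still denied, with USE_CATALOG on prod and USE_SCHEMA on prod.sales reported as the gap. In the legacy model, ALL PRIVILEGES on a schema expands to SELECT for the etl principal, and the reader is denied for lack of USAGE on the schema. This is the check to run before assuming a SELECT grant alone was sufficient, or that revoking SELECT alone removes a read path.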
