When you configure a data access control policy to grant data access permissions to a user in a cloud data platform, bear in mind that different platforms apply the policy permissions in different ways.
The following table lists the permissions that you can configure in a data access control policy and the corresponding permissions that the policy enables in cloud data platforms:
| Policy Permission in Data Access Management | Amazon Redshift Permission | Databricks Permission | Microsoft Power BI Permission | Snowflake Permission |
| --- | --- | --- | --- | --- |
| read | select | select | read | select |
| write | insert, update | modify | For Power BI workspaces: ReadWriteExplore. For Power BI datasets: (not applicable) | insert, update |
| delete | delete | (not applicable) | (not applicable) | delete |
Note the following guidelines when you configure data access control policy permissions:
• Because views are read-only objects, a source system ignores permissions other than read when a policy applies to a view.
• The Microsoft Power BI ReadWriteExplore permission grants write and delete access to workspace objects. If you grant write permission to a Microsoft Power BI workspace object, you also implicitly grant the delete permission.
• The delete permission doesn't apply to Databricks or Microsoft Power BI. If you select the delete permission, you don't grant any permission.
• The Databricks modify permission grants write and delete access. If you grant write permission to a Databricks object, you also implicitly grant the delete permission.
• For the Databricks Unity and Hive catalog types, Data Access Management grants user permissions to catalogs and schemas.
• For Databricks, sample tables and system tables can be managed only by using an account admin, which we do not recommend as a minimum permission. The Secure Agent will fail any sample tables and system tables.
• For Snowflake catalogs, Data Access Management grants user permissions to databases and schemas.
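
The following added example (not product code) applies the table and guidelines above to a policy so that a reviewer can see which native permissions result, which capabilities are granted implicitly beyond what the policy lists, and which policy permissions are ignored. The platform keys and the function name `effective_access` are hypothetical.

```python
# Added example. The mapping is transcribed from the table and guidelines above;
# the platform keys and the function name are hypothetical, not a product API.
NATIVE = {
    "redshift":          {"read": ["select"], "write": ["insert", "update"], "delete": ["delete"]},
    "snowflake":         {"read": ["select"], "write": ["insert", "update"], "delete": ["delete"]},
    "databricks":        {"read": ["select"], "write": ["modify"], "delete": []},
    "powerbi_workspace": {"read": ["read"], "write": ["ReadWriteExplore"], "delete": []},
    "powerbi_dataset":   {"read": ["read"], "write": [], "delete": []},
}
# Native permissions that carry more capability than the policy permission that triggers them.
IMPLIES = {"modify": {"write", "delete"}, "ReadWriteExplore": {"write", "delete"}}


def effective_access(platform, requested, is_view=False):
    """Return (native_grants, implicit_capabilities, ignored_policy_permissions)."""
    requested = set(requested)
    # Views are read-only: the source system ignores everything except read.
    ignored = requested - {"read"} if is_view else set()
    applied = requested - ignored
    native, capabilities = [], set()
    for perm in ("read", "write", "delete"):
        if perm not in applied:
            continue
        grants = NATIVE[platform][perm]
        if not grants:
            ignored.add(perm)  # not applicable on this platform: nothing is granted
        for grant in grants:
            native.append(grant)
            capabilities |= IMPLIES.get(grant, {perm})
    # Capabilities the user receives that the policy author did not select.
    return native, capabilities - requested, ignored


if __name__ == "__main__":
    # Constructed sample policies: (platform, policy permissions, applies to a view?)
    samples = [
        ("databricks", {"read", "write"}, False),
        ("powerbi_workspace", {"write"}, False),
        ("databricks", {"delete"}, False),
        ("snowflake", {"read", "write", "delete"}, True),
    ]
    for platform, perms, view in samples:
        native, implicit, ignored = effective_access(platform, perms, view)
        print(f"{platform:18} policy={sorted(perms)} view={view} -> native={native} "
              f"implicit={sorted(implicit)} ignored={sorted(ignored)}")
```

A non-empty implicit set marks a policy whose effective access is broader than the permissions selected in it, which is the case to review against least privilege.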