Databricks Exam Databricks-Certified-Professional-Data-Engineer Topic 5 Question 26 Discussion

Actual exam question for Databricks's Databricks-Certified-Professional-Data-Engineer exam

Question #: 26
Topic #: 5

[All Databricks-Certified-Professional-Data-Engineer Questions]

The data architect has decided that once data has been ingested from external sources into the

Databricks Lakehouse, table access controls will be leveraged to manage permissions for all production tables and views.

The following logic was executed to grant privileges for interactive queries on a production database to the core engineering group.

GRANT USAGE ON DATABASE prod TO eng;

GRANT SELECT ON DATABASE prod TO eng;

Assuming these are the only privileges that have been granted to the eng group and that these users are not workspace administrators, which statement describes their privileges?

AGroup members have full permissions on the prod database and can also assign permissions to other users or groups.

BGroup members are able to list all tables in the prod database but are not able to see the results of any queries on those tables.

CGroup members are able to query and modify all tables and views in the prod database, but cannot create new tables or views.

DGroup members are able to query all tables and views in the prod database, but cannot create or edit anything in the database.

EGroup members are able to create, query, and modify all tables and views in the prod database, but cannot define custom functions.

Show Suggested Answer

Suggested Answer: D

The GRANT USAGE ON DATABASE prod TO eng command grants the eng group the permission to use the prod database, which means they can list and access the tables and views in the database. The GRANT SELECT ON DATABASE prod TO eng command grants the eng group the permission to select data from the tables and views in the prod database, which means they can query the data using SQL or DataFrame API. However, these commands do not grant the eng group any other permissions, such as creating, modifying, or deleting tables and views, or defining custom functions. Therefore, the eng group members are able to query all tables and views in the prod database, but cannot create or edit anything in the database.Reference:

Grant privileges on a database: https://docs.databricks.com/en/security/auth-authz/table-acls/grant-privileges-database.html

Privileges you can grant on Hive metastore objects: https://docs.databricks.com/en/security/auth-authz/table-acls/privileges.html

by Yvette at Nov 17, 2024, 05:16 PM

Limited Time Offer

25%

27 days ago

Hmm, this is a tricky one. I was going to say C, but after re-reading the question, I think D is the right answer. They can't do anything except view the data, which is a bit disappointing for the core engineering group.

upvoted 0 times

Leanna

10 days ago

I think D is the correct answer. They can query tables but not create or edit anything in the database.

upvoted 0 times

...

25 days ago

I think the correct answer here is D.

upvoted 0 times

...