Databricks Certified Data Engineer Professional — Question 205

The data architect has decided that once data has been ingested from external sources into the
Databricks Lakehouse, table access controls will be leveraged to manage permissions for all production tables and views.

The following logic was executed to grant privileges for interactive queries on a production database to the core engineering group.

GRANT USAGE ON DATABASE prod TO eng;
GRANT SELECT ON DATABASE prod TO eng;

Assuming these are the only privileges that have been granted to the eng group and that these users are not workspace administrators, which statement describes their privileges?

Answer options

• A. Group members are able to create, query, and modify all tables and views in the prod database, but cannot define custom functions.
• B. Group members are able to list all tables in the prod database but are not able to see the results of any queries on those tables.
• C. Group members are able to query and modify all tables and views in the prod database, but cannot create new tables or views.
• D. Group members are able to query all tables and views in the prod database, but cannot create or edit anything in the database.

Correct answer: D

Explanation

The correct answer is D because the granted privileges allow the eng group to execute queries on the tables and views in the prod database without the ability to create or modify any database objects. Options A and C are incorrect as they imply additional privileges that were not granted, and option B is incorrect because it suggests that the group cannot see query results, which contradicts the SELECT privilege they received.