Databricks Certified Data Engineer Professional — Question 55

The data architect has decided that once data has been ingested from external sources into the
Databricks Lakehouse, table access controls will be leveraged to manage permissions for all production tables and views.

The following logic was executed to grant privileges for interactive queries on a production database to the core engineering group.

GRANT USAGE ON DATABASE prod TO eng;
GRANT SELECT ON DATABASE prod TO eng;

Assuming these are the only privileges that have been granted to the eng group and that these users are not workspace administrators, which statement describes their privileges?

Answer options

• A. Group members have full permissions on the prod database and can also assign permissions to other users or groups.
• B. Group members are able to list all tables in the prod database but are not able to see the results of any queries on those tables.
• C. Group members are able to query and modify all tables and views in the prod database, but cannot create new tables or views.
• D. Group members are able to query all tables and views in the prod database, but cannot create or edit anything in the database.
• E. Group members are able to create, query, and modify all tables and views in the prod database, but cannot define custom functions.

Correct answer: D

Explanation

The correct answer is D because the GRANT USAGE on DATABASE allows the group to access the database and the GRANT SELECT allows them to query tables and views. However, they cannot create or edit any objects since those permissions were not granted. Options A, B, C, and E incorrectly imply additional permissions that are not granted to the eng group.