CERTIFIED-DATA-ENGINEER-PROFESSIONAL Question #77: Real Exam Question with Answer & Explanation

Question

The data architect has decided that once data has been ingested from external sources into the Databricks Lakehouse, table access controls will be leveraged to manage permissions for all production tables and views. The following logic was executed to grant privileges for interactive queries on a production database to the core engineering group. GRANT USAGE ON DATABASE prod TO eng; GRANT SELECT ON DATABASE prod TO eng; Assuming these are the only privileges that have been granted to the eng group and that these users are not workspace administrators, which statement describes their privileges?

Options

• AGroup members have full permissions on the prod database and can also assign permissions to
• BGroup members are able to list all tables in the prod database but are not able to see the results
• CGroup members are able to query and modify all tables and views in the prod database, but
• DGroup members are able to query all tables and views in the prod database, but cannot create or
• EGroup members are able to create, query, and modify all tables and views in the prod database,

Explanation

The GRANT USAGE ON DATABASE prod TO eng command grants the eng group the permission to use the prod database, which means they can list and access the tables and views in the database. The GRANT SELECT ON DATABASE prod TO eng command grants the eng group the permission to select data from the tables and views in the prod database, which means they can query the data using SQL or DataFrame API. However, these commands do not grant the eng group any other permissions, such as creating, modifying, or deleting tables and views, or defining custom functions. Therefore, the eng group members are able to query all tables and views in the prod database, but cannot create or edit anything in the database.

No community discussion yet for this question.