Sys.project.privileges does not show privileges for arctic catalogs

Seen in Dremio-Cloud.

I’m looking for a query to view all privilege grants in a project. The table “sys.project.privileges” only shows those for datasources besides the arctic catalog.

select * from sys.project.privileges

While I have written something to get these via the API, it seems uintended that a table named “sys.project.privileges” would not contain all the privileges in the project.

Hi @capnjosh

Which privileges seem to be missing from this table? Does sys.organization.privileges provide the information instead?

When I run “select * from sys.project.privileges” I don’t see anything from the Arctic catalog in the object_id column. I also don’t see any privileges for the project itself.

It only shows privileges for data sources, e.g. Snowflake.

Currently, to get all the privileges for the project as a whole, I have to do the following:

  • pull sys.projects.privileges to get data source privileges
  • pull sys.organization.privileges to get project privileges
  • use the API and loop through projects > catalogs (get the arctic catalog) > folders to get privileges on the Arctic catalog

Thanks for clarifying. The split of privileges that you’re seeing between the sys.organization.privileges and the sys.project.privileges system tables is expected, as some objects are classified as org-level and some objects are project-level.

Regarding Arctic privileges missing from the system tables entirely–this is a common feature request from our users and our Product team is currently looking into it. You are correct that you can access this information through the API instead.

1 Like