I’m looking for a query to view all privilege grants in a project. The table “sys.project.privileges” only shows those for datasources besides the arctic catalog.
select * from sys.project.privileges
While I have written something to get these via the API, it seems uintended that a table named “sys.project.privileges” would not contain all the privileges in the project.
When I run “select * from sys.project.privileges” I don’t see anything from the Arctic catalog in the object_id column. I also don’t see any privileges for the project itself.
It only shows privileges for data sources, e.g. Snowflake.
Currently, to get all the privileges for the project as a whole, I have to do the following:
pull sys.projects.privileges to get data source privileges
pull sys.organization.privileges to get project privileges
use the API and loop through projects > catalogs (get the arctic catalog) > folders to get privileges on the Arctic catalog
Thanks for clarifying. The split of privileges that you’re seeing between the sys.organization.privileges and the sys.project.privileges system tables is expected, as some objects are classified as org-level and some objects are project-level.
Regarding Arctic privileges missing from the system tables entirely–this is a common feature request from our users and our Product team is currently looking into it. You are correct that you can access this information through the API instead.