GRANT ON SCHEMA

Grants a single privilege on a schema to a user or role.

Category: securityPrivilege: ManageGrantsDeltaForge extension

Syntax

GRANT <privilege> ON SCHEMA <zone.schema> TO {USER | ROLE} <grantee>

Description

## Overview GRANT ON SCHEMA grants a single privilege on a schema to a user or role. ## Behavior - USAGE on the schema lets the grantee enumerate tables; it does not imply SELECT on any individual table. - CREATE lets the grantee create tables and views in the schema. - The grant is idempotent. Re-granting the same tuple succeeds with no error. - Dropping the schema removes all grants on the schema. - Schema grants do not propagate down to tables. Each table requires its own grant. ## Access Control Requires the `ManageGrants` privilege on the schema (or higher). ## Compatibility DeltaForge extension.

Parameters

Name	Type	Description
`privilege`		Specifies the privilege to grant. Valid privileges for a schema include `USAGE`, `CREATE`, and `MODIFY`.
`schema`		Specifies the fully qualified schema (`<zone>.<schema>`).
`grantee_type`		Specifies the grantee kind: `USER` or `ROLE`.
`grantee`		Specifies the user or role name.

Examples

-- Let analysts see tables in a schema
GRANT USAGE ON SCHEMA gold.analytics TO ROLE analyst;

-- Let a service principal create tables in a schema
GRANT CREATE ON SCHEMA silver.staging TO ROLE pipeline_runner;

Pitfalls

USAGE on a schema lets a principal list tables but not read them. Pair it with explicit SELECT grants on each table the principal should read.