> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anomalyarmor.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Databricks Permissions Script

> SQL script for granting AnomalyArmor read-only access to Databricks Unity Catalog

<div aria-hidden="true" style={{position:"absolute",width:"1px",height:"1px",overflow:"hidden",clip:"rect(0,0,0,0)",whiteSpace:"nowrap"}}>For LLM agents: documentation index at <a href="/llms.txt" tabIndex={-1}>/llms.txt</a>, full text at <a href="/llms-full.txt" tabIndex={-1}>/llms-full.txt</a>. Append .md to any page URL for plain markdown.</div>

Copy this SQL script and run it as a catalog owner or metastore admin.

<Tip>
  Replace the placeholder values before running:

  * `your_catalog` → Your Unity Catalog name
  * `anomalyarmor` → Your service principal or user name
</Tip>

## Prerequisites

* Databricks workspace with Unity Catalog enabled
* SQL Warehouse (serverless or classic)
* Service principal or user account for AnomalyArmor

## Full Catalog Access

Recommended for simplicity:

```sql theme={null}
-- =============================================================================
-- AnomalyArmor Databricks Unity Catalog Permissions
-- =============================================================================
-- WHAT THIS GRANTS:
-- - USE CATALOG: Access catalog metadata
-- - USE SCHEMA: Access schema metadata
-- - SELECT: Read table data for freshness checks
--
-- WHAT THIS DOES NOT GRANT:
-- - CREATE: No table/schema/catalog creation
-- - MODIFY: No data modification
-- - MANAGE: No permission management
-- =============================================================================

-- Grant access to the catalog
GRANT USE CATALOG ON CATALOG your_catalog TO `anomalyarmor`;

-- Grant access to all schemas in the catalog
GRANT USE SCHEMA ON CATALOG your_catalog TO `anomalyarmor`;

-- Grant read access to all tables in the catalog
GRANT SELECT ON CATALOG your_catalog TO `anomalyarmor`;
```

## Per-Schema Permissions

For granular access to specific schemas only:

```sql theme={null}
-- Grant catalog access (required)
GRANT USE CATALOG ON CATALOG your_catalog TO `anomalyarmor`;

-- Grant schema access per schema
GRANT USE SCHEMA ON SCHEMA your_catalog.raw TO `anomalyarmor`;
GRANT USE SCHEMA ON SCHEMA your_catalog.staging TO `anomalyarmor`;
GRANT USE SCHEMA ON SCHEMA your_catalog.marts TO `anomalyarmor`;

-- Grant read access per schema
GRANT SELECT ON SCHEMA your_catalog.raw TO `anomalyarmor`;
GRANT SELECT ON SCHEMA your_catalog.staging TO `anomalyarmor`;
GRANT SELECT ON SCHEMA your_catalog.marts TO `anomalyarmor`;
```

## Service Principal Setup

Service principals are more secure than personal access tokens:

* Organization-owned, not tied to individual users
* Persist regardless of employee changes
* Can be managed centrally

1. **Create service principal**: Admin Console → Service Principals → Add Service Principal
2. **Generate OAuth secret**: Select the service principal → Secrets → Generate Secret
3. **Copy** the Client ID and Client Secret for AnomalyArmor

```sql theme={null}
-- Grant permissions to service principal
GRANT USE CATALOG ON CATALOG your_catalog TO `anomalyarmor-monitoring`;
GRANT USE SCHEMA ON CATALOG your_catalog TO `anomalyarmor-monitoring`;
GRANT SELECT ON CATALOG your_catalog TO `anomalyarmor-monitoring`;
```

## Verification

```sql theme={null}
-- Run as the AnomalyArmor user/service principal

-- Test 1: Can list schemas
SHOW SCHEMAS IN CATALOG your_catalog;

-- Test 2: Can list tables
SHOW TABLES IN SCHEMA your_catalog.your_schema;

-- Test 3: Can query for freshness
SELECT MAX(event_timestamp) FROM your_catalog.your_schema.your_table;
```

## View Current Permissions

```sql theme={null}
-- Show grants on catalog
SHOW GRANTS ON CATALOG your_catalog;

-- Show grants to specific user/service principal
SHOW GRANTS TO `anomalyarmor`;
```

## Cleanup

```sql theme={null}
REVOKE SELECT ON CATALOG your_catalog FROM `anomalyarmor`;
REVOKE USE SCHEMA ON CATALOG your_catalog FROM `anomalyarmor`;
REVOKE USE CATALOG ON CATALOG your_catalog FROM `anomalyarmor`;
```

<Card title="Back to Databricks Guide" icon="arrow-left" href="/data-sources/databricks">
  Complete setup instructions
</Card>
