search

databrickslabs / ucx

Your best companion for upgrading to Unity Catalog. UCX will guide you, the Databricks customer, through the process of upgrading your account, groups, workspaces, jobs etc. to Unity Catalog.
Other
196 stars 70 forks source link

[BUG]: Should skip running TACL migration for workspaces without Table Access Control enabled #1957

Closed nfx closed 4 days ago

nfx commented 2 weeks ago

Is there an existing issue for this?

Current Behavior

Currently we're getting Couldn't fetch grants for object DATABASE hive_metastore.XXX: An error occurred while calling 0374.sql: org.apache.spark.SparkException: Trying to perform permission action on Hive Metastore /CATALOG/'hive _metastore'/DATABASE/'XXX' but Table Access Control is not enabled on this cluster. even though we must not get any errors during assessment.

Expected Behavior

no errors

Steps To Reproduce

No response

Cloud

AWS

Operating System

macOS

Version

latest via Databricks CLI

Relevant log output

No response

ericvergnaud commented 4 days ago

In order to reproduce this issue, according to these docs, we need not only a workspace without TABLE_ACL, but also a cluster without TABLE_ACL. The docs explain how to turn TABLE_ACL on/off for a workspace, but not for a cluster... and I couldn't identify a way to do that via the UI (under "Compute"). It seems this setting can only be configured when creating the cluster ?

ericvergnaud commented 4 days ago

Regardless of the above, fetching the setting via ws.workspace_conf.get_status(keys="enableAclsConfig") fails with invalid key error. Plus that might not tell us whether the cluster supports TABLE_ACL... Switching to 'skip on error' strategy.