Fine-grained access control for models

This page explains how fine-grained access control works with Spanner models.

For fine-grained access control users, you can control access to MODEL entities with the following privilege:

Grant EXECUTE on the model to allow machine learning functions to use it.
GoogleSQL
```
GRANT EXECUTE ON MODEL MODEL_NAME TO ROLE ROLE_NAME;
```

`INFORMATION_SCHEMA` views for models

The following views show the database roles and privileges information for models:

GoogleSQL-dialect databases: INFORMATION_SCHEMA.MODEL_PRIVILEGES

The rows in this view are filtered based on the current database role's privileges on models. This ensures that principals can view only the roles, privileges, and models that they have access to.

Row filtering also applies to the following model-related views:

GoogleSQL

INFORMATION_SCHEMA.MODELS
INFORMATION_SCHEMA.MODEL_OPTIONS
INFORMATION_SCHEMA.MODEL_COLUMNS
INFORMATION_SCHEMA.MODEL_COLUMN_OPTIONS

The system role spanner_info_reader and its members always see an unfiltered INFORMATION_SCHEMA.

More information

About models
Create and manage models
About fine-grained access control

Fine-grained access control for models

GoogleSQL

INFORMATION_SCHEMA views for models

GoogleSQL

More information

`INFORMATION_SCHEMA` views for models