https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/64309#M1731 <P>&nbsp;</P> <DIV class="p-rich_text_section"><STRONG>Yes, it is possible to provide fine-grained control at the folder or file level within a volume in Databricks Unity Catalog. You can achieve this by creating managed or external volumes in the Unity Catalog and granting specific groups or users access to the desired directories or files within the volume. With managed volumes, you can create governed storage for working with files without the need for configuring access to cloud storage, while external volumes allow you to add governance to existing cloud object storage directories.To create a managed volume, you can use the&nbsp;<CODE class="c-mrkdwn__code" data-stringify-type="code">CREATE VOLUME</CODE>&nbsp;command in SQL or the Catalog Explorer UI. For example:</STRONG></DIV> <P>&nbsp;</P> <DIV class="p-rich_text_block--no-overflow"><STRONG>CREATE VOLUME &lt;catalog&gt;.&lt;schema&gt;.&lt;volume-name&gt;;</STRONG></DIV> <DIV class="p-rich_text_block--no-overflow">&nbsp;</DIV> <DIV class="p-rich_text_section"><STRONG>To create an external volume, you can specify the location within an external location using the&nbsp;<CODE class="c-mrkdwn__code" data-stringify-type="code">CREATE EXTERNAL VOLUME</CODE>&nbsp;command in SQL or the Catalog Explorer UI. For example:</STRONG></DIV> <P>&nbsp;</P> <DIV class="p-rich_text_block--no-overflow"><STRONG>CREATE EXTERNAL VOLUME &lt;catalog&gt;.&lt;schema&gt;.&lt;external-volume-name&gt; LOCATION 's3://&lt;external-location-bucket-path&gt;/&lt;directory&gt;';</STRONG></DIV> <DIV class="p-rich_text_section">Once the volumes are created, you can grant permissions to specific groups or users using the<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">GRANT</CODE><SPAN>&nbsp;</SPAN>command in SQL. For example:</DIV> <P>&nbsp;</P> <DIV class="p-rich_text_block--no-overflow"><STRONG>GRANT READ VOLUME, WRITE VOLUME ON VOLUME &lt;volume-name&gt; TO &lt;group-name&gt;;</STRONG></DIV> <P><LI-WRAPPER></LI-WRAPPER></P> <DIV class="p-rich_text_section">You can then access and work with the files in the the volume using SQL,<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">%fs</CODE><SPAN>&nbsp;</SPAN>magic command, Databricks utilities, or other libraries. The path to access files in volumes follows the format:<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">/Volumes/&lt;catalog&gt;/&lt;schema&gt;/&lt;volume&gt;/&lt;path&gt;/&lt;file-name&gt;</CODE><SPAN>&nbsp;</SPAN>or<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">dbfs:/Volumes/&lt;catalog&gt;/&lt;schema&gt;/&lt;volume&gt;/&lt;path&gt;/&lt;file-name&gt;</CODE>.</DIV> <P><SPAN>&nbsp;</SPAN></P> <P><A class="c-link" href="https://docs.databricks.com/data-governance/unity-catalog/best-practices.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.databricks.com/data-governance/unity-catalog/best-practices.html" data-sk="tooltip_parent">https://docs.databricks.com/data-governance/unity-catalog/best-practices.html</A><SPAN>,&nbsp;</SPAN><A class="c-link" href="https://docs.databricks.com/connect/unity-catalog/volumes.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.databricks.com/connect/unity-catalog/volumes.html" data-sk="tooltip_parent">https://docs.databricks.com/connect/unity-catalog/volumes.html</A><SPAN>,&nbsp;</SPAN></P> <P><A class="c-link" href="https://docs.databricks.com/discover/files.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.databricks.com/discover/files.html" data-sk="tooltip_parent">https://docs.databricks.com/discover/files.html</A><SPAN>,&nbsp;</SPAN><A class="c-link" href="https://databricks.com/blog/announcing-public-preview-volumes-databricks-unity-catalog)" target="_blank" rel="noopener noreferrer" data-stringify-link="https://databricks.com/blog/announcing-public-preview-volumes-databricks-unity-catalog)" data-sk="tooltip_parent">https://databricks.com/blog/announcing-public-preview-volumes-databricks-unity-catalog)</A></P> Thu, 21 Mar 2024 15:53:47 GMT Sidhant07 2024-03-21T15:53:47Z https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/61489#M1688 <P>Is it possible to provide fine grained control (folder level/file level) for a given volume?</P><P>I have two SCIM integrated groups who have read volume access at the catalog level, but those two groups need different permissions on a lower level. Preferably at a folder or file level within the volume.&nbsp;</P><P><STRONG>Volume:</STRONG></P><P>(Top level)</P><UL><LI>landing/</LI></UL><P>(Inner level)</P><UL><LI><UL><LI>landing/PDF (group 1 needs access only)</LI><LI>landing/CSV (group 2 needs access only)</LI></UL></LI></UL><P>Is it possible to achieve this without having to mount the inner levels as a top level or creating X schemas? Any recommendations are highly appreciated.&nbsp;</P><P>&nbsp;</P> Thu, 22 Feb 2024 15:33:26 GMT https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/61489#M1688 ossinova 2024-02-22T15:33:26Z https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/64309#M1731 <P>&nbsp;</P> <DIV class="p-rich_text_section"><STRONG>Yes, it is possible to provide fine-grained control at the folder or file level within a volume in Databricks Unity Catalog. You can achieve this by creating managed or external volumes in the Unity Catalog and granting specific groups or users access to the desired directories or files within the volume. With managed volumes, you can create governed storage for working with files without the need for configuring access to cloud storage, while external volumes allow you to add governance to existing cloud object storage directories.To create a managed volume, you can use the&nbsp;<CODE class="c-mrkdwn__code" data-stringify-type="code">CREATE VOLUME</CODE>&nbsp;command in SQL or the Catalog Explorer UI. For example:</STRONG></DIV> <P>&nbsp;</P> <DIV class="p-rich_text_block--no-overflow"><STRONG>CREATE VOLUME &lt;catalog&gt;.&lt;schema&gt;.&lt;volume-name&gt;;</STRONG></DIV> <DIV class="p-rich_text_block--no-overflow">&nbsp;</DIV> <DIV class="p-rich_text_section"><STRONG>To create an external volume, you can specify the location within an external location using the&nbsp;<CODE class="c-mrkdwn__code" data-stringify-type="code">CREATE EXTERNAL VOLUME</CODE>&nbsp;command in SQL or the Catalog Explorer UI. For example:</STRONG></DIV> <P>&nbsp;</P> <DIV class="p-rich_text_block--no-overflow"><STRONG>CREATE EXTERNAL VOLUME &lt;catalog&gt;.&lt;schema&gt;.&lt;external-volume-name&gt; LOCATION 's3://&lt;external-location-bucket-path&gt;/&lt;directory&gt;';</STRONG></DIV> <DIV class="p-rich_text_section">Once the volumes are created, you can grant permissions to specific groups or users using the<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">GRANT</CODE><SPAN>&nbsp;</SPAN>command in SQL. For example:</DIV> <P>&nbsp;</P> <DIV class="p-rich_text_block--no-overflow"><STRONG>GRANT READ VOLUME, WRITE VOLUME ON VOLUME &lt;volume-name&gt; TO &lt;group-name&gt;;</STRONG></DIV> <P><LI-WRAPPER></LI-WRAPPER></P> <DIV class="p-rich_text_section">You can then access and work with the files in the the volume using SQL,<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">%fs</CODE><SPAN>&nbsp;</SPAN>magic command, Databricks utilities, or other libraries. The path to access files in volumes follows the format:<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">/Volumes/&lt;catalog&gt;/&lt;schema&gt;/&lt;volume&gt;/&lt;path&gt;/&lt;file-name&gt;</CODE><SPAN>&nbsp;</SPAN>or<SPAN>&nbsp;</SPAN><CODE class="c-mrkdwn__code" data-stringify-type="code">dbfs:/Volumes/&lt;catalog&gt;/&lt;schema&gt;/&lt;volume&gt;/&lt;path&gt;/&lt;file-name&gt;</CODE>.</DIV> <P><SPAN>&nbsp;</SPAN></P> <P><A class="c-link" href="https://docs.databricks.com/data-governance/unity-catalog/best-practices.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.databricks.com/data-governance/unity-catalog/best-practices.html" data-sk="tooltip_parent">https://docs.databricks.com/data-governance/unity-catalog/best-practices.html</A><SPAN>,&nbsp;</SPAN><A class="c-link" href="https://docs.databricks.com/connect/unity-catalog/volumes.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.databricks.com/connect/unity-catalog/volumes.html" data-sk="tooltip_parent">https://docs.databricks.com/connect/unity-catalog/volumes.html</A><SPAN>,&nbsp;</SPAN></P> <P><A class="c-link" href="https://docs.databricks.com/discover/files.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.databricks.com/discover/files.html" data-sk="tooltip_parent">https://docs.databricks.com/discover/files.html</A><SPAN>,&nbsp;</SPAN><A class="c-link" href="https://databricks.com/blog/announcing-public-preview-volumes-databricks-unity-catalog)" target="_blank" rel="noopener noreferrer" data-stringify-link="https://databricks.com/blog/announcing-public-preview-volumes-databricks-unity-catalog)" data-sk="tooltip_parent">https://databricks.com/blog/announcing-public-preview-volumes-databricks-unity-catalog)</A></P> Thu, 21 Mar 2024 15:53:47 GMT https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/64309#M1731 Sidhant07 2024-03-21T15:53:47Z https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/64859#M1735 <P>Can you define the external location at the Landing level and create two Volumes one for PDF and other for CSV and provide access to the respective groups 1 and 2.</P> Wed, 27 Mar 2024 22:31:56 GMT https://community.databricks.com/t5/data-governance/fine-grained-control-of-volumes/m-p/64859#M1735 rkalluri-apex 2024-03-27T22:31:56Z