cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Unity Catalog - External Table

Go to solution
Pat
Honored Contributor III

โ€Ž09-15-2022 07:56 AM

I am not sure if I am missing something, but I just created External Table using External Location and I can still access both data through the table and directly access files from the storage:image.png 

documentation:image.pnghttps://docs.databricks.com/data-governance/unity-catalog/create-tables.html#create-an-external-tabl...

Preview file
31 KB
Preview file
50 KB
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Pat
Honored Contributor III

โ€Ž10-07-2022 12:44 AM

I got the answer from the Databricks Support on this.

The point which has been mentioned in doc "Once a table is created in a path, users can no longer directly access the files in that path even if they have been given privileges on an external location or storage credential to do so. This is to ensure that users cannot circumvent access controls applied to tables by reading files from your cloud tenant directly." is a bit different. Consider there is User U4 who is having access to the external location but DO NOT have access to the table T1. In such a scenario the aforementioned point is applicable and we raise an error like โ€œPERMISSION_DENIED: trying to access path with conflicting external tablesโ€.

View solution in original post

4 REPLIES 4

Go to solution
Sivaprasad1
Valued Contributor II

โ€Ž09-15-2022 11:30 AM

@Pat Sienkiewiczโ€‹ : Have you tried to do select on the table with another user other than the owner who has permission to storage location?

0 Kudos

Go to solution
Pat
Honored Contributor III
In response to Sivaprasad1

โ€Ž09-15-2022 11:41 PM

I am using terraform to create storage credentials and external locations and the owner is not my user.

Still, I would expect as per documentation that even owner should not be able to access data via file path if table was created. I believe that I tested this before and worked, so not why this is happening now. Looks like bug to me.

0 Kudos

Go to solution
Anonymous
Not applicable

โ€Ž09-28-2022 01:05 AM

Hi @Pat Sienkiewiczโ€‹ 

Hope all is well! Just wanted to check in if you were able to resolve your issue and would you be happy to share the solution or mark an answer as best? Else please let us know if you need more help. 

We'd love to hear from you.

Thanks!

0 Kudos

Go to solution
Pat
Honored Contributor III

โ€Ž10-07-2022 12:44 AM

I got the answer from the Databricks Support on this.

The point which has been mentioned in doc "Once a table is created in a path, users can no longer directly access the files in that path even if they have been given privileges on an external location or storage credential to do so. This is to ensure that users cannot circumvent access controls applied to tables by reading files from your cloud tenant directly." is a bit different. Consider there is User U4 who is having access to the external location but DO NOT have access to the table T1. In such a scenario the aforementioned point is applicable and we raise an error like โ€œPERMISSION_DENIED: trying to access path with conflicting external tablesโ€.

Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.