cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Governance
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Advice regarding retaining environment-specific access when applying Unity Catalog to workspaces split by environment

Kayl669
New Contributor II

‎01-12-2023 08:14 AM

My org is considering a transition from hive metastore to unity catalog. We currently have a workspace for each of dev/uat/production and each of those provide access to their respective blob storage account data. Unity Catalog sits at the account-level and bridges the workspaces; which seem to enable a user (with justifiable access to all envs) to access prod data from any workspace as there doesn't seem to be a way to deny a user the ability to switch catalog (or even set what the default catalog is) within a particular workspace. How can we steer/force users to use each environment-specific workspace as intended?

Labels:
0 Kudos
5 REPLIES 5

LandanG
Honored Contributor
Honored Contributor

‎01-12-2023 08:36 AM

Hi @James H​ ,

I believe you're describing something that will be addressed with a feature called "Catalog to workspace bindings". For example, only prod data can be accessed in prod workspaces. This feature is slated to be released hopefully by the end of January

4kb_nick
New Contributor III
In response to LandanG

‎02-03-2023 07:23 PM

This would be really great. I’m helping a client build a new lakehouse in Azure and this is one of the only things I’m stuck on with the proposed architecture. Catalog to workspace binding would really solve that problem.

in the interim, is there any way to leverage cluster policies to force the default catalog on a cluster and prevent the user from changing it?

0 Kudos

js54123875
New Contributor III
In response to LandanG

‎05-05-2023 08:32 AM

Hi @Landan George​ - Is "Catalog to workspace bindings" available? I cannot find any documentation on it.

0 Kudos

Debayan
Esteemed Contributor III
Esteemed Contributor III

‎01-12-2023 12:09 PM

Hi, Please refer : https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html and let us know if this helps.

0 Kudos

Kayl669
New Contributor II

‎01-13-2023 01:42 AM

I did find this document which indicates that you can set the initial catalog on cluster start:: https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/hive-metastore#diff...

Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.