cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lakebase -- Enable RLS in synced Table

Go to solution
DaPo
New Contributor III

2 weeks ago

Dear all,

I am currently testing Lakebase for integration in our overall system. In particular I need to enable RLS on a Lakebase table, which is synced from a "Delta Streaming Table" in UC. Setting up the data sync was no trouble, in UC I am the owner of the table. Enabling RLS is somewhat more troublesome. Here is the steps, I have tried (without success):

  1. Create a Database role tied to my databricks User, which has all privileges including databricks_superuser (https://docs.databricks.com/aws/en/oltp/pg-roles)
  2. Open the SQL-Editor, select the Lakebase instance as compute.
  3. Run ALTER TABLE <my-table> ENABLE ROW LEVEL SECURITY; (https://www.postgresql.org/docs/17/ddl-rowsecurity.html)
  4. Get an error: "You must be Owner of the table" (Remember, in UC I am the owner).

I assume, that I am missing something here, how the interaction between databricks user and postgres role happens. So what am I missing?

Also: Are there any possibilities or plans to utilize UC Row-Filters with Lakebase (https://docs.databricks.com/aws/en/data-governance/unity-catalog/filters-and-masks/)? Would be nice to have an unified integrated RLS solution for Lakebase tables and Delta tables.

Greetings, Daniel

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Advika
Databricks Employee
Databricks Employee

Tuesday

Hello @DaPo!

Could you please confirm whether you are the owner of the table within the Lakebase Postgres (not just in Unity Catalog)?
Also, can you try creating a view on the synced table and then configure RLS on that view?

View solution in original post

2 REPLIES 2

Go to solution
Advika
Databricks Employee
Databricks Employee

Tuesday

Hello @DaPo!

Could you please confirm whether you are the owner of the table within the Lakebase Postgres (not just in Unity Catalog)?
Also, can you try creating a view on the synced table and then configure RLS on that view?

Go to solution
DaPo
New Contributor III
In response to Advika

Tuesday

Hi @Advika,

yes, I was only owner in UC, the Lakebase owner is some databricks_writer, and features like RLS seem to be restricted. Since Lakebase is quite new, I do not yet fully understand the interaction between UC concepts and Lakebase concepts. Creating a view does the trick.

 

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements