cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Automating DDLs and Privilege management

Pat
Honored Contributor III

How do you automate table creation and management of privilege / grants on securable objects (tables, views, etc.).

I had idea to use terraform to manage above, but terraform doesn't work with managed tables - it allows to create table but then there are some errors while running `show create table` or `describe table` for example.

I have multi-region, multi-tenant environment where I would like to automate process of adding the tables and manage privileges. The schemas across Regions are the same, catalogs might change a bit depends on the region/tenant/customer/

My first attempt is:

1. upload notebook that have statements like:

DROP and CREATE EXTERNAL TABLES

CREATE IF NOT EXISTS managed tables.

Grant privileges on those catalogs, schemas, tables (views in the future, maybe some UDFs and other objects).

2. Create workflow to execute that notebook above

workflow can take some params like catalog name, depends on env (dev/stg/prod), and region (eu-west-1, eu-central-1).

I am not 100% sure yet about privileges here. Granting access it's we can run over again GRANT ... but Revoking access seems bit problematic, I would need to handle the difference. Check first groups that have access to objects, and if I pass as param different groups then revoke. It's not a problem, I can handle it ,but I would like to know how others are doing this.

thanks,

Pat.

0 REPLIES 0
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!