cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how to share a unity PROD catalog to STAGING workspace

Go to solution
jeremy98
New Contributor III

a month ago

Hello Community,

I’m looking for a secure way to share a production Unity Catalog with the staging workspace. My goal is to sync data from a schema in the production catalog to the staging workspace, enabling it to read the data and write it into some of my staging tables.

Currently, I’ve enabled access to the production catalog in the staging workspace. However, I haven’t implemented specific rules, which means the staging workspace can manipulate the production Unity Catalog—something I definitely want to avoid!

I’ve come across Delta Sharing as a potential solution, but I was wondering if there are other secure alternatives.

Thank you in advance for your help!

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
yumnus
New Contributor III

a month ago

Hi!

A potential solution to your issue could be configuring read-only access to the schema in your production catalog. This approach allows you to securely share the production catalog with your staging workspace while ensuring that users in the staging workspace can only read data and cannot manipulate it. You will have to assign the production catalog to your staging workspace.

To implement this:

  1. Assign appropriate permissions (e.g. SELECT only) to the users or groups in the staging workspace for the specific schemas or tables you wish to share.
  2. Ensure no write privileges are granted to the staging workspace for the production catalog to maintain data integrity.

If you are considering Delta Sharing, it’s a robust alternative, especially for use cases that involve sharing data with external systems or strict decoupling of environments. However, for internal use between your production and staging workspaces, managing permissions within Unity Catalog might suffice.

I hope this helps! Let me know if you have further questions.

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
yumnus
New Contributor III

a month ago

Hi!

A potential solution to your issue could be configuring read-only access to the schema in your production catalog. This approach allows you to securely share the production catalog with your staging workspace while ensuring that users in the staging workspace can only read data and cannot manipulate it. You will have to assign the production catalog to your staging workspace.

To implement this:

  1. Assign appropriate permissions (e.g. SELECT only) to the users or groups in the staging workspace for the specific schemas or tables you wish to share.
  2. Ensure no write privileges are granted to the staging workspace for the production catalog to maintain data integrity.

If you are considering Delta Sharing, it’s a robust alternative, especially for use cases that involve sharing data with external systems or strict decoupling of environments. However, for internal use between your production and staging workspaces, managing permissions within Unity Catalog might suffice.

I hope this helps! Let me know if you have further questions.

0 Kudos

Go to solution
jeremy98
New Contributor III
In response to yumnus

a month ago

Thank you,
for this amazing answer! I was reflecting on what you said and wanted to clarify:
Are you suggesting assigning read-only access to the staging workspace for the shared production catalog (shared by assigning the production catalog to the staging workspace) only?

0 Kudos

Go to solution
yumnus
New Contributor III
In response to jeremy98

a month ago

Yes.

You can assign your production catalog to the staging workspace and then define the permissions so that the needed schemas and tables can only be read/selected and not manipulated.

yumnus_0-1732704888830.png

yumnus_1-1732704908448.png

Schema level permissions:

yumnus_2-1732704955044.png

 

 

 

0 Kudos

Go to solution
jeremy98
New Contributor III
In response to yumnus

a month ago

Yes,
the privileges need to be assigned directly in the staging workspace for the shared prod_catalog. Currently, I seem to have full access.

Correct?

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements