09-15-2022 07:56 AM
I am not sure if I am missing something, but I just created an External Table using an External Location and I can still both access data through the table and directly access files from the storage:
documentation: https://docs.databricks.com/data-governance/unity-catalog/create-tables.html#create-an-external-tabl...
10-07-2022 12:44 AM
I got the answer from the Databricks Support on this.
The point which has been mentioned in the doc, "Once a table is created in a path, users can no longer directly access the files in that path even if they have been given privileges on an external location or storage credential to do so. This is to ensure that users cannot circumvent access controls applied to tables by reading files from your cloud tenant directly.", is a bit different. Consider there is a User U4 who has access to the external location but does NOT have access to the table T1. In such a scenario the aforementioned point is applicable and we raise an error like "PERMISSION_DENIED: trying to access path with conflicting external tables".
09-15-2022 11:30 AM
@Pat Sienkiewicz: Have you tried to do a select on the table with another user, other than the owner, who has permission to the storage location?
09-15-2022 11:41 PM
I am using Terraform to create storage credentials and external locations, and the owner is not my user.
Still, I would expect, as per the documentation, that even the owner should not be able to access data via the file path if a table was created. I believe that I tested this before and it worked, so I am not sure why this is happening now. Looks like a bug to me.
09-28-2022 01:05 AM
Hi @Pat Sienkiewicz
Hope all is well! Just wanted to check in if you were able to resolve your issue and would you be happy to share the solution or mark an answer as best? Else please let us know if you need more help.
We'd love to hear from you.
Thanks!