
Unity Catalog - External Table

Pat
Honored Contributor III

I am not sure if I am missing something, but I just created an External Table using an External Location and I can still both access data through the table and directly access files from the storage.

Documentation: https://docs.databricks.com/data-governance/unity-catalog/create-tables.html#create-an-external-tabl...

1 ACCEPTED SOLUTION

Accepted Solutions

Pat
Honored Contributor III

I got the answer from the Databricks Support on this.

The point which has been mentioned in the doc, "Once a table is created in a path, users can no longer directly access the files in that path even if they have been given privileges on an external location or storage credential to do so. This is to ensure that users cannot circumvent access controls applied to tables by reading files from your cloud tenant directly.", is a bit different. Consider a User U4 who has access to the external location but does NOT have access to the table T1. In such a scenario the aforementioned point is applicable and we raise an error like “PERMISSION_DENIED: trying to access path with conflicting external tables”.
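
The scenario from the support answer above, written out as a check an administrator can run to confirm the behaviour in their own workspace. This is an added example, not part of the original thread and not Databricks' own code; the external location `ext_loc_demo`, the table `main.demo.t1`, the path `s3://example-bucket/ext/t1` and the principal `u4@example.com` are placeholders.

```sql
-- Added example; every object name, the path and the principal are placeholders.
-- Steps 1, 2, 5 and 7 run as an admin/owner; steps 3, 4 and 6 run as the test principal.

-- 1. Give the principal file-level access on the external location only.
GRANT READ FILES ON EXTERNAL LOCATION `ext_loc_demo` TO `u4@example.com`;

-- 2. Register an external table on a path under that location.
CREATE TABLE main.demo.t1 (id INT, amount DOUBLE)
USING DELTA
LOCATION 's3://example-bucket/ext/t1';

-- Confirm what the principal holds before testing.
SHOW GRANTS `u4@example.com` ON EXTERNAL LOCATION `ext_loc_demo`;  -- READ FILES
SHOW GRANTS `u4@example.com` ON TABLE main.demo.t1;                -- should show no SELECT

-- 3. As u4: read through the table. No table privilege, so this should be denied.
SELECT * FROM main.demo.t1 LIMIT 1;

-- 4. As u4: read the same data by path. Per the support answer, this is the
--    case that fails with an error like:
--    PERMISSION_DENIED: trying to access path with conflicting external tables
SELECT * FROM delta.`s3://example-bucket/ext/t1` LIMIT 1;
LIST 's3://example-bucket/ext/t1';

-- 5. Now grant table access as well.
GRANT USE CATALOG ON CATALOG main TO `u4@example.com`;
GRANT USE SCHEMA ON SCHEMA main.demo TO `u4@example.com`;
GRANT SELECT ON TABLE main.demo.t1 TO `u4@example.com`;

-- 6. As u4: repeat steps 3 and 4 and record the result. The original post
--    reports that a principal with access to both the table and the location
--    could read through the table and by path.

-- 7. Clean up the test grants and the table registration.
REVOKE SELECT ON TABLE main.demo.t1 FROM `u4@example.com`;
REVOKE USE SCHEMA ON SCHEMA main.demo FROM `u4@example.com`;
REVOKE USE CATALOG ON CATALOG main FROM `u4@example.com`;
REVOKE READ FILES ON EXTERNAL LOCATION `ext_loc_demo` FROM `u4@example.com`;
DROP TABLE main.demo.t1;
```

For access reviews, the practical point is that `READ FILES` on an external location should be audited together with table grants, since the path-level block described here only applies to principals that lack access to the table.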


4 REPLIES 4

Sivaprasad1
Valued Contributor II

@Pat Sienkiewicz: Have you tried to do a select on the table as another user, other than the owner, who has permission to the storage location?

Pat
Honored Contributor III

I am using Terraform to create storage credentials and external locations, and the owner is not my user.

Still, I would expect as per the documentation that even the owner should not be able to access data via file path if a table was created. I believe that I tested this before and it worked, so not sure why this is happening now. Looks like a bug to me.

Anonymous
Not applicable

Hi @Pat Sienkiewicz

Hope all is well! Just wanted to check in if you were able to resolve your issue and would you be happy to share the solution or mark an answer as best? Else please let us know if you need more help. 

We'd love to hear from you.

Thanks!

