cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Advice regarding retaining environment-specific access when applying Unity Catalog to workspaces split by environment

Kayl669
New Contributor III

‎01-12-2023 08:14 AM

My org is considering a transition from hive metastore to unity catalog. We currently have a workspace for each of dev/uat/production and each of those provide access to their respective blob storage account data. Unity Catalog sits at the account-level and bridges the workspaces; which seem to enable a user (with justifiable access to all envs) to access prod data from any workspace as there doesn't seem to be a way to deny a user the ability to switch catalog (or even set what the default catalog is) within a particular workspace. How can we steer/force users to use each environment-specific workspace as intended?

Labels:
0 Kudos
5 REPLIES 5

LandanG
Honored Contributor

‎01-12-2023 08:36 AM

Hi @James H​ ,

I believe you're describing something that will be addressed with a feature called "Catalog to workspace bindings". For example, only prod data can be accessed in prod workspaces. This feature is slated to be released hopefully by the end of January

4kb_nick
New Contributor III
In response to LandanG

‎02-03-2023 07:23 PM

This would be really great. I’m helping a client build a new lakehouse in Azure and this is one of the only things I’m stuck on with the proposed architecture. Catalog to workspace binding would really solve that problem.

in the interim, is there any way to leverage cluster policies to force the default catalog on a cluster and prevent the user from changing it?

0 Kudos

js54123875
New Contributor III
In response to LandanG

‎05-05-2023 08:32 AM

Hi @Landan George​ - Is "Catalog to workspace bindings" available? I cannot find any documentation on it.

0 Kudos

Debayan
Esteemed Contributor III

‎01-12-2023 12:09 PM

Hi, Please refer : https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html and let us know if this helps.

0 Kudos

Kayl669
New Contributor III

‎01-13-2023 01:42 AM

I did find this document which indicates that you can set the initial catalog on cluster start:: https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/hive-metastore#diff...

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements