cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Data Profile on a table is not securable object

Charuvil
New Contributor III

yesterday

Data Profile on a table is not a securable object in Unity Catalog or at Workspace level. This make the management of Data Profiles difficult for workspace admins.
Why isnโ€™t โ€œprofileโ€ a securable object in Databricks? It makes sense to require โ€œManageโ€ permission on a table to create or access its โ€œprofile.โ€ However, as the profile creator (Owner), I donโ€™t want every user with โ€œManageโ€ permission on the table to be able to access, refresh, or delete the profile. Also, profiles arenโ€™t sharable across workspacesโ€”for example, if I create a profile on a table in workspace A and share the table with workspace B, even I canโ€™t edit or refresh the profile from workspace B. What is the reasoning behind this design? Profiles are tied to a workspace, while tables can be shared across workspaces.

Labels:
0 Kudos
2 REPLIES 2

nayan_wylde
Esteemed Contributor

yesterday

 

 

  • Profiles are metadata artifacts, not core data objects
    Unity Catalogโ€™s securable objects (catalogs, schemas, tables, views, functions, etc.) are designed around data governance and lineage. Profiles are considered derived metadata for exploratory purposes rather than a governance-critical asset. So, they werenโ€™t included in the securable hierarchy.

  • Workspace-scoped feature
    Profiles are tied to the workspace because they rely on the compute and UI context of that workspace. This makes them non-portable across workspacesโ€”even if the underlying table is sharedโ€”because the profile rendering and refresh logic depend on workspace-specific resources.

  • Simplified permission model
    Databricks assumes that if you have Manage permission on a table, you can generate or delete its profile. This avoids introducing a new permission type and complexity in the ACL model. However, this does create the issue you mentioned: profile creators cannot restrict other managers from editing or deleting profiles.

Why canโ€™t profiles be shared across workspaces?

  • Profiles are not stored in Unity Catalog; they live in the workspaceโ€™s metadata store. When you share a table across workspaces, only the table object and its lineage are sharedโ€”not workspace-specific artifacts like profiles, dashboards, or queries.

 

0 Kudos

Raman_Unifeye
Contributor III

yesterday

well no concrete answer on why, perhaps Data Profile is treated as ephemeral, computed metadata or a snapshot of summary statistics (like min/max, distinct counts, etc.). It is created by a user's compute job within a specific workspace environment. It may not be considered a core, persistent data asset in the same vein as a table or view, which are the focus of UC's centralized governance.

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements