
Difference between RBAC and Unity Catalog

Vivek_Mumbai
New Contributor

I am new to Databricks and trying to understand the concepts first, before getting into a technical deep dive. I am a bit confused between Role Based Access Control and Unity Catalog. Both features control access to the data.

Can someone provide me the difference between the two?

1 ACCEPTED SOLUTION

Ashwin_DSA
Databricks Employee

Hi @Vivek_Mumbai,

Welcome to Databricks! 

I typically use a library example when explaining Unity Catalog, and I'll use the same one to explain RBAC.

Imagine a university library system serving multiple departments. There is a central catalog that knows every department, every branch, every section in each branch, every shelf in each section, and every book on each shelf. It also keeps track of who borrowed what, lets people search for books, and can show how a book is referenced in courses or reading lists. That's Unity Catalog. It organises all your "books" (tables, files, models, etc.) in a hierarchy like Department → Branch → Section → Shelf → Book (metastore → catalog → schema → table/view), and then applies permissions and policies to those concrete objects.

The university also defines roles such as librarian, assistant, security guard, and member. Each role comes with powers. For example, librarians can add and remove books from the system, assistants can check books in and out, security can open and close doors but not touch the catalog, and members can borrow but not edit records. That's role-based access control (RBAC). A general way of saying "people in this role can perform these actions," without yet talking about any specific branch or shelf.

When someone walks into a department or branch and tries to open a specific room or book, the library system looks at their role and at the rules on that room or book. Maybe everyone can walk into the Computer Science section, but only staff can enter the Quantum Computing area. Maybe professors can see full details in certain medical books while others see redacted pages. In Databricks terms, Unity Catalog is that system. It uses RBAC-style privileges (and more advanced, tag-based policies) to decide which user can see or change which data object, and at what level of detail.

Does that help?

If this answer resolves your question, could you mark it as "Accept as Solution"? That helps other users quickly find the correct fix.

Regards,
Ashwin | Delivery Solution Architect @ Databricks
Helping you build and scale the Data Intelligence Platform.
***Opinions are my own***
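
Added example, not part of the original reply and not Databricks' own code: the library analogy above written as Unity Catalog SQL, with roles modelled as groups and privileges bound to concrete objects in the catalog → schema → table hierarchy. The catalog `university`, its schemas and tables, the function name, and the groups `members`, `staff` and `professors` are all constructed for illustration.

```sql
-- Constructed names throughout: catalog `university`, schemas `cs` and `medicine`,
-- groups `members`, `staff`, `professors`.

-- Reaching an object: USE CATALOG and USE SCHEMA let a principal traverse the
-- hierarchy. They expose no data on their own.
GRANT USE CATALOG ON CATALOG university TO `members`;
GRANT USE SCHEMA ON SCHEMA university.cs TO `members`;
GRANT USE CATALOG ON CATALOG university TO `staff`;
GRANT USE SCHEMA ON SCHEMA university.cs TO `staff`;

-- "Everyone can walk into the Computer Science section":
-- members get SELECT on one named table only.
GRANT SELECT ON TABLE university.cs.intro_courses TO `members`;

-- "Only staff can enter the Quantum Computing area":
-- a privilege granted on a schema is inherited by every table and view in it,
-- so staff can read quantum_computing while members (table-level grant above) cannot.
GRANT SELECT ON SCHEMA university.cs TO `staff`;

-- "Professors can see full details while others see redacted pages":
-- a column mask decides the level of detail at query time from group membership.
CREATE OR REPLACE FUNCTION university.medicine.mask_case_notes(case_notes STRING)
RETURN CASE
  WHEN is_account_group_member('professors') THEN case_notes
  ELSE 'REDACTED'
END;

ALTER TABLE university.medicine.case_studies
  ALTER COLUMN case_notes SET MASK university.medicine.mask_case_notes;

-- Review what is actually granted on an object (including inherited grants).
SHOW GRANTS ON TABLE university.cs.quantum_computing;
SHOW GRANTS `members` ON SCHEMA university.cs;
```

The role (group) says who someone is; each `GRANT` ties that role to a specific object, which is why a broad grant high in the hierarchy should be reviewed for everything it is inherited by.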


2 REPLIES

Vivek_Mumbai
New Contributor

Thanks for the explanation @Ashwin_DSA. It is now clear.