cancel
Showing results for 
Search instead for 
Did you mean: 
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to manage access for legacy catalogs (hive_metastore) in Terraform?

fuselessmatt
Contributor

We have been successfully managing access for our unity catalogs using the databricks_grant resources in Terraform. Now we want to enable the Rudderstack integration for Databricks, but that does not support unity catalog and instead put files inside the hive_metastore catalog (external metastore?). From the UI I can grant things like READ_METADATA and CREATE_NAMED_FUNCTION, but I can't find any resources that include these. Is this simply not possible?

Update: Rudderstack now release support for Unity Catalog, so we no longer have any use for this.

1 ACCEPTED SOLUTION

Accepted Solutions

Anonymous
Not applicable

@Mattias P​ :

Unfortunately, it is not currently possible to manage access to the Hive Metastore catalog (or other external metastores) using the databricks_grant resource in Terraform. This is because the databricks_grant resource is specifically designed to manage access to Databricks resources within the Databricks workspace, and external metastores are not within the workspace.

However, you may be able to manage access to the Hive Metastore catalog using a different method, such as creating custom roles and permissions in your Hive Metastore service, or using a separate tool to manage access to the metastore.

Alternatively, you could consider using Databricks as the metastore for Rudderstack instead of using an external metastore. This would allow you to continue using the databricks_grant resource in Terraform to manage access to the Rudderstack integration in Databricks.

View solution in original post

2 REPLIES 2

Anonymous
Not applicable

@Mattias P​ :

Unfortunately, it is not currently possible to manage access to the Hive Metastore catalog (or other external metastores) using the databricks_grant resource in Terraform. This is because the databricks_grant resource is specifically designed to manage access to Databricks resources within the Databricks workspace, and external metastores are not within the workspace.

However, you may be able to manage access to the Hive Metastore catalog using a different method, such as creating custom roles and permissions in your Hive Metastore service, or using a separate tool to manage access to the metastore.

Alternatively, you could consider using Databricks as the metastore for Rudderstack instead of using an external metastore. This would allow you to continue using the databricks_grant resource in Terraform to manage access to the Rudderstack integration in Databricks.

stropa
New Contributor II

Actually, it is possible to manage permissions for the legacy catalog with databricks_sql_permissions Resource:
https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/sql_permissions#...

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group