Currently, Databricks allows us to grant access to catalogs, schemas, and objects individually, but this process can be repetitive and time-consuming when managing access for multiple applications across different schemas. A feature that enables the creation of roles that encapsulate a set of permissions (e.g., read, write, manage) at the catalog or schema level would greatly simplify the access management process.
For instance, creating a role such as Application_Admin with permissions to multiple schemas or objects within a catalog and assigning this role to AD groups or service accounts would significantly reduce administrative overhead. This would not only streamline user onboarding and access management but also improve security by providing a standardized method of managing access.
Feature Request:
- Ability to create custom roles with predefined permissions.
- The ability to assign these roles to AD groups, service accounts, or individual users.
- Support for role inheritance where a higher-level role can inherit permissions from lower-level roles.
This feature would help large organizations manage access control in a more efficient and secure manner.
