
Unity Catalog - Databricks

udittyagi1994
New Contributor II

I have a Unity Catalog which is bound to multiple workspaces (attached to the metastore). In both workspaces I have created different tables under this catalog. Will the metastore admin have access to these tables, and the data in those tables, in the different workspaces?
If yes, can the metastore admin access the data from all the workspaces, considering he has access to all the catalogs? Any help in understanding this would be appreciated.

5 REPLIES

rkalluri-apex
New Contributor III

Catalogs are only accessible from the workspaces which they are bound to, so the metastore admin won't be able to access them from all the workspaces. It is a best practice to have an empty group as metastore admin to avoid giving someone too much power, like you were alluding to. Once the catalogs are created, ownership can be transferred to an admin group like data owners to govern themselves. You can always add members to the empty metastore admin group in break-glass situations.

Thanks for answering. I would like to understand: if my catalog is bound to multiple workspaces, will the data in these catalogs also be shared, or will each workspace have its own isolated data only accessible within that workspace?

If a catalog is bound to a workspace, the users in that workspace who have privileges on catalog objects (select, read files, write files, execute) will be able to use them. You also need USE CATALOG and USE SCHEMA to list objects in that hierarchy to begin with. If you don't have grants on a catalog you won't even see it. If you do have access to a catalog and that catalog is not bound to the workspace you have logged into, it will be greyed out and shown as disabled.

udittyagi1994
New Contributor II

Unity Catalog acts as a single point of access for managing data across Databricks workspaces, which means that with Unity Catalog a metastore admin can manage the access permissions on the data which comes under the Unity Catalog umbrella.
Data inside different workspaces will still be isolated to each workspace.

Please let me know if the above understanding is correct.

As long as the catalog is ISOLATED and bound to only one workspace, you are correct. But you have the option to selectively expose a subset to other workspaces and selected user groups if needed.
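
The ownership hand-off and the privilege chain described in the replies above, written out as an added Databricks SQL example that is not part of the original thread. The catalog `sales`, schema `sales.reporting`, table `sales.reporting.orders` and the groups `data-owners` and `analysts` are hypothetical names; workspace binding is configured separately and is not shown here.

```sql
-- Hypothetical objects: catalog sales, schema sales.reporting,
-- table sales.reporting.orders, groups `data-owners` and `analysts`.

-- 1. Hand ownership of the catalog to a governing group so day-to-day
--    administration does not depend on the metastore admin group.
ALTER CATALOG sales OWNER TO `data-owners`;

-- 2. Without USE CATALOG and USE SCHEMA a principal cannot list or
--    reach anything below the catalog, whatever table grants it holds.
GRANT USE CATALOG ON CATALOG sales TO `analysts`;
GRANT USE SCHEMA ON SCHEMA sales.reporting TO `analysts`;

-- 3. The data privilege itself, granted on the narrowest object needed.
GRANT SELECT ON TABLE sales.reporting.orders TO `analysts`;

-- 4. Review what was granted, per object and per principal.
SHOW GRANTS ON CATALOG sales;
SHOW GRANTS `analysts` ON TABLE sales.reporting.orders;

-- 5. Periodic audit: every principal holding a privilege on the catalog,
--    including grants inherited from a parent securable.
SELECT grantee, privilege_type, inherited_from
FROM system.information_schema.catalog_privileges
WHERE catalog_name = 'sales'
ORDER BY grantee, privilege_type;
```

These grants are stored in the metastore, so they apply in every workspace the catalog is bound to; in a workspace where the catalog is not bound, the same principal still cannot use it.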
