
Unity catalog management

APJESK
Contributor

How is Unity Catalog managed in real time at an enterprise scale, including workspace-level restrictions, privilege-based ACLs, row- and column-level security, ABAC, and tag-driven governance, and which languages or tools are used to manage the entire data governance lifecycle?

1 ACCEPTED SOLUTION

szymon_dybczak
Esteemed Contributor III

Hi @APJESK ,

The most common approach I've seen in enterprise is to use Terraform to govern Unity Catalog. Below you can find a good series of articles that introduce this concept:

https://pl.seequality.net/terra-dbx-p1/

The Databricks Terraform provider is regularly updated, so you can use it to automate even newly added features in UC like ABAC:

https://www.linkedin.com/pulse/unity-catalog-abac-setup-terraform-kristian-johannesen-ei8ze?utm_sour...


3 REPLIES


SarthakManalwar
Databricks Partner

At an enterprise scale, Unity Catalog is centrally managed using a hub-and-spoke model where catalogs are isolated via workspace bindings to restrict specific data to designated environments.

Security is enforced through strict privilege-based Access Control Lists (ACLs) applied to hierarchical objects (Metastore, catalog, schema, table) using standard GRANT and REVOKE controls.

Fine-grained access, such as row-level filtering and column-level masking, is implemented dynamically using SQL functions evaluated against the querying user's identity.

Attribute-Based Access Control (ABAC) and tag-driven governance are handled by assigning metadata tags to data assets, allowing access policies or discovery to be automated based on data classification.

The entire data governance lifecycle is predominantly managed using Terraform (Infrastructure as Code) for automation, alongside SQL, Python (Databricks SDK), and Databricks REST APIs.
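The controls listed in that answer, written out as concrete Unity Catalog SQL. This is an added example and not code from the thread or from Databricks; every catalog, schema, table, function and group name (finance, governance.security, analysts, data_admins, pii_readers, ...) is an assumed placeholder. Workspace-to-catalog binding (the hub-and-spoke isolation) is not a SQL statement and is left out here.

```sql
-- Added example: privilege-based ACLs, a row filter, a column mask and tags
-- on one table. All object, function and group names are assumed placeholders.

-- 1. Privilege-based ACLs down the object hierarchy (catalog -> schema -> table).
--    Least privilege: analysts can read one table and get nothing on the
--    governance schema that holds the policy functions.
GRANT USE CATALOG ON CATALOG finance TO `analysts`;
GRANT USE SCHEMA  ON SCHEMA  finance.sales TO `analysts`;
GRANT SELECT      ON TABLE   finance.sales.orders TO `analysts`;
REVOKE MODIFY     ON TABLE   finance.sales.orders FROM `analysts`;

-- 2. Row-level security: a BOOLEAN function evaluated per row against the
--    querying user's identity. The admin group sees every row; other groups
--    only see the rows for their own region.
CREATE OR REPLACE FUNCTION governance.security.region_filter(region STRING)
RETURNS BOOLEAN
RETURN is_account_group_member('data_admins')
    OR (region = 'EU' AND is_account_group_member('analysts_eu'))
    OR (region = 'US' AND is_account_group_member('analysts_us'));

ALTER TABLE finance.sales.orders
  SET ROW FILTER governance.security.region_filter ON (region);

-- 3. Column-level security: a mask function that redacts the local part of
--    the address unless the caller belongs to an entitled group.
CREATE OR REPLACE FUNCTION governance.security.mask_email(email STRING)
RETURNS STRING
RETURN CASE
         WHEN is_account_group_member('pii_readers') THEN email
         ELSE regexp_replace(email, '^[^@]+', '***')
       END;

ALTER TABLE finance.sales.orders
  ALTER COLUMN customer_email SET MASK governance.security.mask_email;

-- 4. Tag-driven governance: classify the asset and the sensitive column so
--    discovery and tag-based policies key off the classification, not the name.
ALTER TABLE finance.sales.orders SET TAGS ('data_classification' = 'confidential');
ALTER TABLE finance.sales.orders
  ALTER COLUMN customer_email SET TAGS ('pii' = 'email');

-- 5. Check the effective grants on the table (run as the table owner).
SHOW GRANTS ON TABLE finance.sales.orders;
```

Two points worth noting. The filter and mask functions are evaluated at query time, so changing a group's membership takes effect on the next query without touching the table. Keeping the policy functions in a schema the consumers have no grants on means they can query the table but can neither read nor modify the logic that restricts them; only the table owner needs EXECUTE on those functions to attach them.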

APJESK
Contributor

Thank you... Which roles (workspace admin or metastore admin) are recommended to securely create and manage Unity Catalog objects (Storage Credentials, External Locations, Catalogs, Schemas, and Delta Sharing), and why?