Ownership of the Unity Catalog (UC) Metastore gives you permission to grant permissions to the metastore (e.g. Create Catalog). Large Organizations take one of three approaches to UC Metastore ownership (Service Principal, Global Data Admin group or No owner). Before we explore the options, these days, the best practice for large organizations with the UC Metastore is to not use a default storage account, but to use storage accounts (buckets) with each catalog. Now on to the three options for sharing ownership of the UC metastore:
1. The UC Metastore is owned by a service principal and all configuration is performed using Automation (Terraform). The strength of automation is the full set of controls, review and workflow that is available.
2. The UC Metastore is owned by a group of global data admin people, all with equal access and responsibility.
With this, create a group, add your global data admins (Need not be day to day data permission admins)
3. The UC Metastore is owned by no-one, this is suitable for a distributed governance model where no group of admins is to be put above another group.
Below, we show setting the UC Metastore owner to no owner, recommended for distributed data governance model:
Final Note: An important part of Metastore management strategy is delegating permissions. As an UC Metastore owner, you can give permissions to a group (recommended), individual or service principal. In this example, we've defined a business unit one data admin group and given them permissions to manage storage credentials, external locations, the ability to create catalogs and a few other permissions.
This information may be important when it comes to Enabling System Schemas and other tasks.
Sharing can be challenging at times, do not split the metastore, as in the future you will come to regret this decision. With the options listed above, you should be able to proceed with a great deal of confidence in making the right decision.
