
Unity Catalog Model Artifacts in Delta Sharing

satriobagusp96
Visitor

Hello, I want to ask if there's a way to hide the Artifacts inside the Artifacts tab/prevent access to the Artifacts tab of a Model in a Delta Sharing catalog? So the case is that the receiving Delta Sharing workspace is only used for Model Serving (region-exclusive feature), and we want to make sure that the user in the receiving workspace won't be able to see & download the model code and other artifacts shared through Delta Sharing for privacy purposes.

Earlier this month the Artifacts tab was unable to be accessed so this wasn't an issue, but now suddenly all of the artifacts are open for access in the receiving Delta Sharing workspace. The permissions are currently turned on for all of them. Does removing EXECUTE help?

Thank you, 

Satrio

1 REPLY 1

bianca_unifeye
New Contributor II

Hi,

Removing EXECUTE does not hide artifacts.
Model artifacts in Delta Sharing are accessible by design in the current implementation.

When you share a UC model via Delta Sharing, the full model package is delivered:

  • model weights

  • MLflow artifacts

  • code / notebooks used to build the model

  • environment files

  • any supplementary assets stored under artifacts/

Why?
Because the receiving workspace needs the full bundle to reconstruct the MLflow model and enable Model Serving.

Removing EXECUTE only prevents using the model (e.g., in serving endpoints or load-and-predict).
It does not hide or block access to artifacts that Delta Sharing delivers.

If a model version is shared through Delta Sharing, its artifacts will be discoverable.

Workaround 

Option A: Serve the model from the provider workspace

Instead of sharing the entire model via Delta Sharing:

  • Keep the model private in the provider workspace

  • Expose only API endpoints for inference

  • Consumers never receive the model or artifacts

Most customers needing IP protection choose this approach.

Option B: Remove sensitive artifacts before registering the model

You can strip:

  • training notebooks

  • feature engineering code

  • large auxiliary files

And store only the minimal MLflow model needed for inference.

But note:
If the consumer can load the MLflow model, they can still technically download the remaining artifact bundle.

I’d suggest submitting/raising the feature needed through your Databricks account team as well. I would expect this one to be on their radar.
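An added example, not part of the reply above and not Databricks code: a pre-registration audit for Option B that walks a local MLflow model directory and lists the files a Delta Sharing recipient would receive beyond a minimal inference set. The allowlist, extension list, size threshold and sample layout are assumptions to adapt to your model flavor.

```python
import os
import tempfile

# Assumption: file names of a minimal MLflow model; extend per flavor.
INFERENCE_ALLOWLIST = {"MLmodel", "conda.yaml", "python_env.yaml",
                       "requirements.txt", "model.pkl"}
# Assumption: extensions that usually indicate training or feature code.
SOURCE_EXTENSIONS = {".ipynb", ".py", ".sql", ".r", ".scala"}
LARGE_FILE_BYTES = 50 * 1024 * 1024  # assumed cut-off for "large auxiliary files"


def audit_model_dir(model_dir, large_bytes=LARGE_FILE_BYTES):
    """Return sorted (relative_path, reason) findings to review before registering.

    A finding is a prompt for review, not proof the file can be removed:
    code the model imports at load time must stay in the bundle.
    """
    findings = []
    for root, _dirs, files in os.walk(model_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, model_dir).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in SOURCE_EXTENSIONS:
                findings.append((rel, "source code or notebook"))
            elif rel in INFERENCE_ALLOWLIST:
                continue
            elif os.path.getsize(path) > large_bytes:
                findings.append((rel, "large auxiliary file"))
            else:
                findings.append((rel, "not on inference allowlist"))
    return sorted(findings)


def build_sample_dir():
    """Constructed sample layout, not taken from a real model."""
    base = tempfile.mkdtemp(prefix="model_audit_")
    layout = {"MLmodel": 12, "requirements.txt": 7, "model.pkl": 2048,
              "code/train.py": 16, "notebooks/features.ipynb": 2,
              "artifacts/eval_set.parquet": 4096}
    for rel, size in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\x00" * size)
    return base


if __name__ == "__main__":
    for rel, reason in audit_model_dir(build_sample_dir(), large_bytes=1024):
        print(f"{reason:28} {rel}")
```

Whatever passes the audit is still delivered to the recipient, so the files left in the bundle should be ones you accept being downloadable.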
