- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2025 06:24 AM
Dear all,
I am currently testing Lakebase for integration in our overall system. In particular I need to enable RLS on a Lakebase table, which is synced from a "Delta Streaming Table" in UC. Setting up the data sync was no trouble, in UC I am the owner of the table. Enabling RLS is somewhat more troublesome. Here is the steps, I have tried (without success):
- Create a Database role tied to my databricks User, which has all privileges including databricks_superuser (https://docs.databricks.com/aws/en/oltp/pg-roles)
- Open the SQL-Editor, select the Lakebase instance as compute.
- Run ALTER TABLE <my-table> ENABLE ROW LEVEL SECURITY; (https://www.postgresql.org/docs/17/ddl-rowsecurity.html)
- Get an error: "You must be Owner of the table" (Remember, in UC I am the owner).
I assume, that I am missing something here, how the interaction between databricks user and postgres role happens. So what am I missing?
Also: Are there any possibilities or plans to utilize UC Row-Filters with Lakebase (https://docs.databricks.com/aws/en/data-governance/unity-catalog/filters-and-masks/)? Would be nice to have an unified integrated RLS solution for Lakebase tables and Delta tables.
Greetings, Daniel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2025 07:23 AM
Hello @DaPo!
Could you please confirm whether you are the owner of the table within the Lakebase Postgres (not just in Unity Catalog)?
Also, can you try creating a view on the synced table and then configure RLS on that view?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2025 11:58 PM
Hi @Advika,
yes, I was only owner in UC, the Lakebase owner is some databricks_writer, and features like RLS seem to be restricted. Since Lakebase is quite new, I do not yet fully understand the interaction between UC concepts and Lakebase concepts. Creating a view does the trick.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-08-2025 03:57 AM
You can't sync RLS from UC tables to Lakebase (yet). You can either create separate RLS rules on PG or you can create a custom pipeline that can read from the RLS UC table and use JDBC to write into Lakebase directly.