cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

hive_metastore Access Control by different cluster type

DeltaTrain
New Contributor II

‎08-09-2023 03:01 PM

Hello Databricks Community,

I'm reaching out with a query regarding access control in the hive_metastore. I've encountered behavior that I'd like to understand better and potentially address.

To illustrate the situation:

  • I've set up three users for testing purposes: admin, dataengineer1, and dataanalyst1.
  • The admin user granted permissions to dataengineer1 for three specific tables: circuits, country_regions, and results.

Case 1: When using SQL Warehouse (as seen in the screenshot, labeled as serverless-sql-wh) or a Cluster with shared Access mode, dataengineer1 can only view the tables they have permissions for. This is the expected behavior.

 DeltaTrain_0-1691616911858.png

Case 2: However, when a Single User Access mode cluster is activated (in the screenshot, labeled as dataengineer1@d...), dataengineer1 can view all schemas and tables. This is not the desired behavior.

DeltaTrain_1-1691617650542.png

 

I'm hoping to find a solution that ensures even in Single User Access Mode, users can only access Schemas and Tables for which they have permission.

Any insights or suggestions would be greatly appreciated. I value the expertise of this community and look forward to your responses.

Thank you

 





 
0 Kudos
3 REPLIES 3

Debayan
Databricks Employee
Databricks Employee

‎08-21-2023 12:55 AM

Hi, could you please elaborate on the permissions on the cluster and who has deployed it? Also, please refer to the limitations here: https://docs.databricks.com/en/clusters/configure.html#assigned-limitations

Please tag @Debayan with your next comment, which will get me notified. Thanks!

0 Kudos

DeltaTrain
New Contributor II

‎08-22-2023 04:01 AM

Hi @Debayan, thank you for your reply.  

with hive_metastore, still I cannot get the level of isolation, which means that if anyone activates the Single node cluster, she/he can see all the catalog, schema, and table. 

However, with Unity catalog application, I can get the level of isolation that I want. So rather than trying to find any solution with hive_metastore, I will switch to Unity Catalog application. 

thanks!

 

0 Kudos

Debayan
Databricks Employee
Databricks Employee
In response to DeltaTrain

‎08-22-2023 10:07 PM

Hi, Thanks for your confirmation. Yes, that would be better. 

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements