cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Machine Learning
Dive into the world of machine learning on the Databricks platform. Explore discussions on algorithms, model training, deployment, and more. Connect with ML enthusiasts and experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Lacking support for column-level select grants or attribute-based access control

Go to solution
Spencer_Kent
New Contributor III

โ€Ž03-21-2023 09:39 PM

In the Unity Catalog launch and its accompanying blog post, one of the primary selling points was a set of granular access control features that would at least partially eliminate the need to create a multitude of separate table views and the attendant complexity of managing this for a large set of users.

Beyond column-specific select grants:

GRANT SELECT(date, country) ON iot_events TO marketing

The launch also advertised a model for "attributed-based access control":

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email
ALTER TABLE users ADD ATTRIBUTE pii ON phone
 
GRANT SELECT ON DATABASE iot_data
  HAVING ATTRIBUTE NOT IN (pii)
  TO product_managers

I can find no mention of these features in the Databricks documentation, where the only section on column-level permissions within the Unity Catalog section suggests we use old-school SQL views to achieve column-level permissionsโ€”exactly the kind of thing that Unity Catalog claimed to solve.

My own attempts to use these features in a Databricks workspace suggest that they are not yet available (even column-specific select grants!).

Am I missing something here? Is there a method for doing column-specific access control that doesn't require generating a new view?

Labels:
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
mathan_pillai
Databricks Employee
Databricks Employee

โ€Ž04-13-2023 11:53 AM

Column-specific access without dynamic views is currently in private preview. You can work with Databricks accounts team to sign up for a private preview to get an early access. Once this is in GA, it will be generally available. Hope it clarifies.

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
mathan_pillai
Databricks Employee
Databricks Employee

โ€Ž04-13-2023 11:53 AM

Column-specific access without dynamic views is currently in private preview. You can work with Databricks accounts team to sign up for a private preview to get an early access. Once this is in GA, it will be generally available. Hope it clarifies.

0 Kudos

Go to solution
Spencer_Kent
New Contributor III

โ€Ž04-17-2023 10:08 PM

Simply amazing that 2 years on from the initial announcement, this feature is not available. You released Unity Catalog missing one of it's most-hyped features.

0 Kudos

Go to solution
at-khatri
New Contributor

Tuesday

is this feature still in private preview?

0 Kudos

Go to solution
KaushalVachhani
Databricks Employee
Databricks Employee
In response to at-khatri

Tuesday

@at-khatri , Yes, Databricks has row-level filtering and column masking functionalities available, released last year.

https://docs.databricks.com/aws/en/data-governance/unity-catalog/filters-and-masks/

0 Kudos

Go to solution
Charuvil
New Contributor III

Tuesday

@at-khatri Databricks ABAC is in Public Preview now
https://docs.databricks.com/aws/en/data-governance/unity-catalog/abac/

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements