cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Machine Learning
Dive into the world of machine learning on the Databricks platform. Explore discussions on algorithms, model training, deployment, and more. Connect with ML enthusiasts and experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lacking support for column-level select grants or attribute-based access control

Go to solution
Spencer_Kent
New Contributor III

‎03-21-2023 09:39 PM

In the Unity Catalog launch and its accompanying blog post, one of the primary selling points was a set of granular access control features that would at least partially eliminate the need to create a multitude of separate table views and the attendant complexity of managing this for a large set of users.

Beyond column-specific select grants:

GRANT SELECT(date, country) ON iot_events TO marketing

The launch also advertised a model for "attributed-based access control":

ALTER TABLE iot_events ADD ATTRIBUTE pii ON email
ALTER TABLE users ADD ATTRIBUTE pii ON phone
 
GRANT SELECT ON DATABASE iot_data
  HAVING ATTRIBUTE NOT IN (pii)
  TO product_managers

I can find no mention of these features in the Databricks documentation, where the only section on column-level permissions within the Unity Catalog section suggests we use old-school SQL views to achieve column-level permissions—exactly the kind of thing that Unity Catalog claimed to solve.

My own attempts to use these features in a Databricks workspace suggest that they are not yet available (even column-specific select grants!).

Am I missing something here? Is there a method for doing column-specific access control that doesn't require generating a new view?

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
mathan_pillai
Databricks Employee
Databricks Employee

‎04-13-2023 11:53 AM

Column-specific access without dynamic views is currently in private preview. You can work with Databricks accounts team to sign up for a private preview to get an early access. Once this is in GA, it will be generally available. Hope it clarifies.

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
mathan_pillai
Databricks Employee
Databricks Employee

‎04-13-2023 11:53 AM

Column-specific access without dynamic views is currently in private preview. You can work with Databricks accounts team to sign up for a private preview to get an early access. Once this is in GA, it will be generally available. Hope it clarifies.

0 Kudos

Go to solution
Spencer_Kent
New Contributor III

‎04-17-2023 10:08 PM

Simply amazing that 2 years on from the initial announcement, this feature is not available. You released Unity Catalog missing one of it's most-hyped features.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements