In the Unity Catalog launch and its accompanying blog post, one of the primary selling points was a set of granular access control features that would at least partially eliminate the need to create a multitude of separate table views and the attendant complexity of managing this for a large set of users.
Beyond column-specific select grants:
GRANT SELECT(date, country) ON iot_events TO marketing
The launch also advertised a model for "attributed-based access control":
ALTER TABLE iot_events ADD ATTRIBUTE pii ON email
ALTER TABLE users ADD ATTRIBUTE pii ON phone
GRANT SELECT ON DATABASE iot_data
HAVING ATTRIBUTE NOT IN (pii)
TO product_managers
I can find no mention of these features in the Databricks documentation, where the only section on column-level permissions within the Unity Catalog section suggests we use old-school SQL views to achieve column-level permissions—exactly the kind of thing that Unity Catalog claimed to solve.
My own attempts to use these features in a Databricks workspace suggest that they are not yet available (even column-specific select grants!).
Am I missing something here? Is there a method for doing column-specific access control that doesn't require generating a new view?
