https://community.databricks.com/t5/data-governance/unity-catalog-model-artifacts-in-delta-sharing/m-p/139045#M2669 <P>Hi,</P><P>Removing EXECUTE does <STRONG>not</STRONG> hide artifacts.<BR />Model artifacts in Delta Sharing are accessible by design in the current implementation.</P><P>When you share a UC model via Delta Sharing, the full model package is delivered:</P><UL><LI><P>model weights</P></LI><LI><P>MLflow artifacts</P></LI><LI><P>code / notebooks used to build the model</P></LI><LI><P>environment files</P></LI><LI><P>any supplementary assets stored under artifacts/</P></LI></UL><P>Why?<BR />Because the receiving workspace needs the full bundle to reconstruct the MLflow model and enable Model Serving.</P><P>Removing <STRONG>EXECUTE</STRONG> only prevents <STRONG>using the model</STRONG> (e.g., in serving endpoints or load-and-predict).<BR />It does <STRONG>not</STRONG> hide or block access to artifacts that Delta Sharing delivers.</P><P>If a model version is shared through Delta Sharing, its artifacts will be discoverable.</P><H2><STRONG>Workaround&nbsp;</STRONG></H2><H3><STRONG>Option A: Serve the model from the <EM>provider</EM> workspace</STRONG></H3><P>Instead of sharing the entire model via Delta Sharing:</P><UL><LI><P>Keep the model private in the provider workspace</P></LI><LI><P>Expose only <STRONG>API endpoints</STRONG> for inference</P></LI><LI><P>Consumers never receive the model or artifacts</P></LI></UL><P>Most customers needing IP protection choose this approach.</P><H3><STRONG>Option B: Remove sensitive artifacts <EM>before</EM> registering the model</STRONG></H3><P>You can strip:</P><UL><LI><P>training notebooks</P></LI><LI><P>feature engineering code</P></LI><LI><P>large auxiliary files</P></LI></UL><P>And store only the minimal MLflow model needed for inference.</P><P>But note:<BR />If the consumer can load the MLflow model, they can still technically download the remaining artifact bundle.</P><P>I’d suggest submitting/raising the feature needed through your Databricks account team as well. I would expect this one to be on their radar.</P> Fri, 14 Nov 2025 10:02:17 GMT bianca_unifeye 2025-11-14T10:02:17Z https://community.databricks.com/t5/data-governance/unity-catalog-model-artifacts-in-delta-sharing/m-p/138992#M2668 <P>Hello, I want to ask if there's a way to hide the Artifacts inside the Artifacts tab/prevent access to the Artifacts tab of a Model in a Delta Sharing catalog? So the case is that the receiving Delta Sharing workspace is only used for Model Serving (region-exclusive feature), and we want to make sure that the user in the receiving workspace won't be able to see &amp; download the model code and other artifacts shared through Delta Sharing for privacy purposes.</P><P>Earlier this month the Artifacts tab was unable to be accessed so this wasn't an issue, but now suddenly all of the artifacts are open for access in the receiving Delta Sharing workspace. The permissions are currently turned on for all of them. Does removing EXECUTE help?<BR /><BR /></P><P>Thank you,&nbsp;</P><P>Satrio</P> Fri, 14 Nov 2025 03:55:04 GMT https://community.databricks.com/t5/data-governance/unity-catalog-model-artifacts-in-delta-sharing/m-p/138992#M2668 satriobagusp96 2025-11-14T03:55:04Z https://community.databricks.com/t5/data-governance/unity-catalog-model-artifacts-in-delta-sharing/m-p/139045#M2669 <P>Hi,</P><P>Removing EXECUTE does <STRONG>not</STRONG> hide artifacts.<BR />Model artifacts in Delta Sharing are accessible by design in the current implementation.</P><P>When you share a UC model via Delta Sharing, the full model package is delivered:</P><UL><LI><P>model weights</P></LI><LI><P>MLflow artifacts</P></LI><LI><P>code / notebooks used to build the model</P></LI><LI><P>environment files</P></LI><LI><P>any supplementary assets stored under artifacts/</P></LI></UL><P>Why?<BR />Because the receiving workspace needs the full bundle to reconstruct the MLflow model and enable Model Serving.</P><P>Removing <STRONG>EXECUTE</STRONG> only prevents <STRONG>using the model</STRONG> (e.g., in serving endpoints or load-and-predict).<BR />It does <STRONG>not</STRONG> hide or block access to artifacts that Delta Sharing delivers.</P><P>If a model version is shared through Delta Sharing, its artifacts will be discoverable.</P><H2><STRONG>Workaround&nbsp;</STRONG></H2><H3><STRONG>Option A: Serve the model from the <EM>provider</EM> workspace</STRONG></H3><P>Instead of sharing the entire model via Delta Sharing:</P><UL><LI><P>Keep the model private in the provider workspace</P></LI><LI><P>Expose only <STRONG>API endpoints</STRONG> for inference</P></LI><LI><P>Consumers never receive the model or artifacts</P></LI></UL><P>Most customers needing IP protection choose this approach.</P><H3><STRONG>Option B: Remove sensitive artifacts <EM>before</EM> registering the model</STRONG></H3><P>You can strip:</P><UL><LI><P>training notebooks</P></LI><LI><P>feature engineering code</P></LI><LI><P>large auxiliary files</P></LI></UL><P>And store only the minimal MLflow model needed for inference.</P><P>But note:<BR />If the consumer can load the MLflow model, they can still technically download the remaining artifact bundle.</P><P>I’d suggest submitting/raising the feature needed through your Databricks account team as well. I would expect this one to be on their radar.</P> Fri, 14 Nov 2025 10:02:17 GMT https://community.databricks.com/t5/data-governance/unity-catalog-model-artifacts-in-delta-sharing/m-p/139045#M2669 bianca_unifeye 2025-11-14T10:02:17Z