<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Row and column level security on unity catalog in different approaches in Data Governance</title>
    <link>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160536#M2879</link>
    <description>&lt;P&gt;Yes.&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Row Level Security&lt;/STRONG&gt;&lt;/U&gt;&amp;nbsp;- You can&amp;nbsp;apply security directly to individual tables using direct commands. You u&lt;SPAN&gt;se&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;ALTER TABLE&amp;nbsp;&lt;/STRONG&gt; &lt;STRONG&gt;SET ROW FILTER&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;to attach a &lt;STRONG&gt;UDF&lt;/STRONG&gt; that returns&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;true/false&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;for each row, controlling which rows each user can see. It can be applied directly to one table at a time &amp;amp; the filter is transparent to users querying that table.&amp;nbsp;You attach a function to table &amp;amp; it filters data at query time&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;-- Create filter function
CREATE FUNCTION main.default.dept_filter(dept STRING)
RETURN dept = current_user() OR is_member('admins');

-- Apply to specific table
ALTER TABLE main.default.employees 
SET ROW FILTER catalog.schema.dept_filter ON (department);&lt;/LI-CODE&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Column Masks&lt;/STRONG&gt;&lt;/U&gt; - You u&lt;SPAN&gt;se&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;ALTER TABLE&lt;/STRONG&gt;&amp;nbsp;SET &lt;STRONG&gt;MASK&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;to attach a &lt;STRONG&gt;UDF&lt;/STRONG&gt; that transforms column values such as redacting SSN to&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;XXX&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;controlling what users see in specific columns. Its applied per column on each table &amp;amp; masking happens automatically at query time.&amp;nbsp;You attach function to column &amp;amp; it transforms at query time&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;-- Create mask function
CREATE FUNCTION main.default.mask_ssn(ssn STRING)
RETURN CASE WHEN is_member('HR') THEN ssn ELSE 'XXX' END;

-- Apply to specific column
ALTER TABLE main.default.employees 
SET MASK catalog.schema.mask_ssn ON (ssn_column);&lt;/LI-CODE&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Dynamic Views&lt;/STRONG&gt;&lt;/U&gt; - You c&lt;SPAN&gt;reate views with&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;CASE WHEN &lt;STRONG&gt;is_member&lt;/STRONG&gt;('group')&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;or&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;current_user&lt;/STRONG&gt;()&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;logic embedded in the&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;SELECT&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;statement to conditionally filter &lt;STRONG&gt;rows&lt;/STRONG&gt; or &lt;STRONG&gt;mask columns&lt;/STRONG&gt;. Users query the view instead of the base table &amp;amp; the security logic lives in the view definition. Its standard view with hardcoded logic like traditional world.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Row Level Security using Dynamic Views&lt;/STRONG&gt;&lt;/U&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;CREATE VIEW main.sales_filtered AS
SELECT *
FROM main.sales_raw
WHERE 
  -- Show all data to admins
  is_member('admins') 
  -- Show only US data to analysts
  OR (is_member('analysts') AND region = 'US')
  -- Show only user's own records to sales reps
  OR (is_member('sales_reps') AND sales_rep = current_user());&lt;/LI-CODE&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Column Level Security using Dynamic Views&lt;/STRONG&gt;&lt;/U&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;CREATE VIEW main.employees_masked AS
SELECT 
  employee_id,
  name,
  -- Mask SSN except for HR
  CASE WHEN is_member('HR') THEN ssn ELSE 'XXX' END AS ssn,
  -- Mask salary except for Finance
  CASE WHEN is_member('Finance') THEN salary ELSE NULL END AS salary,
  department
FROM main.employees_raw;&lt;/LI-CODE&gt;&lt;P&gt;&lt;SPAN&gt;Manual filters/masks secure the&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;base table&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;directly (actual table). Dynamic views create a&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;separate secured object&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;(users must query the &lt;STRONG&gt;view&lt;/STRONG&gt;)&lt;/SPAN&gt;&lt;/P&gt;&lt;TABLE border="1" width="56.25%"&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;Method&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;Security Location&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;User Queries&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;SPAN class=""&gt;Row Filter&lt;/SPAN&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;SPAN class=""&gt;UDF attached to table&lt;/SPAN&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;SPAN class=""&gt;Base table&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="25%"&gt;&lt;SPAN&gt;Column Mask&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;SPAN&gt;UDF attached to column&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;SPAN&gt;Base table&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD&gt;&lt;SPAN&gt;Dynamic View&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD&gt;&lt;SPAN&gt;Logic in view SQL&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD&gt;&lt;SPAN&gt;View&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Thu, 25 Jun 2026 14:27:39 GMT</pubDate>
    <dc:creator>balajij8</dc:creator>
    <dc:date>2026-06-25T14:27:39Z</dc:date>
    <item>
      <title>Row and column level security on unity catalog in different approaches</title>
      <link>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160503#M2875</link>
      <description>&lt;P&gt;I have one task for you which is related to unity catalog I want to implement row and column level security on databricks for few tables please let me know&amp;nbsp; different kind of approaches and methods.&lt;/P&gt;&lt;P&gt;We are using azure cloud and databricks witj unity catalog enabled&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 25 Jun 2026 09:47:02 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160503#M2875</guid>
      <dc:creator>Dolly0503</dc:creator>
      <dc:date>2026-06-25T09:47:02Z</dc:date>
    </item>
    <item>
      <title>Re: Row and column level security on unity catalog in different approaches</title>
      <link>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160506#M2876</link>
      <description>&lt;P&gt;Hi Rupa,&lt;/P&gt;&lt;P&gt;You can follow below for different approaches for implementing row and column level security&lt;/P&gt;&lt;H2&gt;&lt;FONT size="3"&gt;&lt;STRONG&gt;1. ABAC Policies (Attribute-Based Access Control)&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/FONT&gt;&lt;/H2&gt;&lt;P&gt;&lt;FONT size="3"&gt;ABAC is the new approach that uses&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;governed tags&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;to centrally enforce security across multiple tables dynamically. You can d&lt;/FONT&gt;&lt;FONT size="3"&gt;efine &lt;STRONG&gt;policies&lt;/STRONG&gt; once at catalog, schema, or table level and it automatically inherits to child objects. Its&amp;nbsp;&lt;/FONT&gt;&lt;SPAN&gt;&lt;STRONG&gt;Tag-driven &lt;/STRONG&gt;and it&amp;nbsp;applies dynamically to any table/column matching tag conditions for c&lt;/SPAN&gt;&lt;SPAN&gt;entralized management across entire scope. You can set 2 types of policies.&amp;nbsp;&lt;/SPAN&gt;&lt;FONT size="3"&gt;&lt;STRONG&gt;Row Filter Policies&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;controls which rows users can see.&amp;nbsp;&lt;/FONT&gt;&lt;FONT size="3"&gt;&lt;STRONG&gt;Column Mask Policies&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;redacts or transform column values based on its setup&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;FONT size="3"&gt;You m&lt;/FONT&gt;&lt;SPAN&gt;ust use&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;governed tags&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;(account-level tags with enforced values) and create&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;UDFs&lt;/STRONG&gt; (SQL or Python functions) for filter/mask logic.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;Serverless compute or Runtime 16.4+ is required.&lt;/SPAN&gt;&lt;/P&gt;&lt;H2&gt;&lt;FONT size="3"&gt;&lt;STRONG&gt;2. Manual Row Filters &amp;amp; Column Masks&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;- Table Based Security&lt;/FONT&gt;&lt;/H2&gt;&lt;P&gt;&lt;FONT size="3"&gt;You can apply security directly to individual tables using&lt;SPAN&gt;&amp;nbsp;simple&amp;nbsp;&lt;/SPAN&gt;commands. Its simpler for single-table scenarios but doesn't scale well as ABAC.&amp;nbsp;&lt;SPAN&gt;&lt;STRONG&gt;Row filters&lt;/STRONG&gt; restrict which rows a user can see in a table.&amp;nbsp;&lt;/SPAN&gt;&lt;/FONT&gt;&lt;STRONG&gt;Column Masks&amp;nbsp;&lt;/STRONG&gt;control what values a user sees for specific columns&lt;/P&gt;&lt;P&gt;&lt;FONT size="3"&gt;&lt;STRONG&gt;Key difference from ABAC -&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;The m&lt;/SPAN&gt;anual filters/masks apply to ONE table at a time. ABAC policies apply dynamically across multiple tables based on tags. More details &lt;A href="https://docs.databricks.com/aws/en/data-governance/unity-catalog/filters-and-masks" target="_self"&gt;here&lt;/A&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;H2&gt;&lt;FONT size="3"&gt;&lt;STRONG&gt;3. Dynamic Views&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;- Traditional SQL Based Approach&lt;/FONT&gt;&lt;/H2&gt;&lt;P&gt;&lt;FONT size="3"&gt;You can create views with built-in &lt;STRONG&gt;conditional logic&lt;/STRONG&gt; using&lt;SPAN&gt;&amp;nbsp;is_account_group_member() type of&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;functions based on the cases.&amp;nbsp;&lt;SPAN&gt;It's used when you want to expose a curated, transformed or joined version of data to users who don't have access to the underlying tables. &lt;STRONG&gt;Its&amp;nbsp;&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/FONT&gt;&lt;SPAN&gt;Simple, portable with no special requirements. It's&amp;nbsp;&lt;/SPAN&gt;&lt;FONT size="3"&gt;harder to maintain at scale.&lt;/FONT&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 25 Jun 2026 10:09:02 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160506#M2876</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-25T10:09:02Z</dc:date>
    </item>
    <item>
      <title>Re: Row and column level security on unity catalog in different approaches</title>
      <link>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160533#M2878</link>
      <description>&lt;P&gt;Other than&amp;nbsp;&lt;FONT size="3"&gt;&lt;STRONG&gt;Attribute-Based Access Control&amp;nbsp;&lt;/STRONG&gt;any other approaches if possible could you please explain those approaches in detailed?&lt;/FONT&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 25 Jun 2026 14:03:07 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160533#M2878</guid>
      <dc:creator>Dolly0503</dc:creator>
      <dc:date>2026-06-25T14:03:07Z</dc:date>
    </item>
    <item>
      <title>Re: Row and column level security on unity catalog in different approaches</title>
      <link>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160536#M2879</link>
      <description>&lt;P&gt;Yes.&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Row Level Security&lt;/STRONG&gt;&lt;/U&gt;&amp;nbsp;- You can&amp;nbsp;apply security directly to individual tables using direct commands. You u&lt;SPAN&gt;se&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;ALTER TABLE&amp;nbsp;&lt;/STRONG&gt; &lt;STRONG&gt;SET ROW FILTER&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;to attach a &lt;STRONG&gt;UDF&lt;/STRONG&gt; that returns&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;true/false&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;for each row, controlling which rows each user can see. It can be applied directly to one table at a time &amp;amp; the filter is transparent to users querying that table.&amp;nbsp;You attach a function to table &amp;amp; it filters data at query time&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;-- Create filter function
CREATE FUNCTION main.default.dept_filter(dept STRING)
RETURN dept = current_user() OR is_member('admins');

-- Apply to specific table
ALTER TABLE main.default.employees 
SET ROW FILTER catalog.schema.dept_filter ON (department);&lt;/LI-CODE&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Column Masks&lt;/STRONG&gt;&lt;/U&gt; - You u&lt;SPAN&gt;se&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;ALTER TABLE&lt;/STRONG&gt;&amp;nbsp;SET &lt;STRONG&gt;MASK&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;to attach a &lt;STRONG&gt;UDF&lt;/STRONG&gt; that transforms column values such as redacting SSN to&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;XXX&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;controlling what users see in specific columns. Its applied per column on each table &amp;amp; masking happens automatically at query time.&amp;nbsp;You attach function to column &amp;amp; it transforms at query time&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;-- Create mask function
CREATE FUNCTION main.default.mask_ssn(ssn STRING)
RETURN CASE WHEN is_member('HR') THEN ssn ELSE 'XXX' END;

-- Apply to specific column
ALTER TABLE main.default.employees 
SET MASK catalog.schema.mask_ssn ON (ssn_column);&lt;/LI-CODE&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Dynamic Views&lt;/STRONG&gt;&lt;/U&gt; - You c&lt;SPAN&gt;reate views with&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;CASE WHEN &lt;STRONG&gt;is_member&lt;/STRONG&gt;('group')&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;or&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;&lt;STRONG&gt;current_user&lt;/STRONG&gt;()&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;logic embedded in the&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class=""&gt;SELECT&lt;/SPAN&gt;&lt;SPAN&gt;&amp;nbsp;statement to conditionally filter &lt;STRONG&gt;rows&lt;/STRONG&gt; or &lt;STRONG&gt;mask columns&lt;/STRONG&gt;. Users query the view instead of the base table &amp;amp; the security logic lives in the view definition. Its standard view with hardcoded logic like traditional world.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Row Level Security using Dynamic Views&lt;/STRONG&gt;&lt;/U&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;CREATE VIEW main.sales_filtered AS
SELECT *
FROM main.sales_raw
WHERE 
  -- Show all data to admins
  is_member('admins') 
  -- Show only US data to analysts
  OR (is_member('analysts') AND region = 'US')
  -- Show only user's own records to sales reps
  OR (is_member('sales_reps') AND sales_rep = current_user());&lt;/LI-CODE&gt;&lt;P&gt;&lt;U&gt;&lt;STRONG&gt;Column Level Security using Dynamic Views&lt;/STRONG&gt;&lt;/U&gt;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;CREATE VIEW main.employees_masked AS
SELECT 
  employee_id,
  name,
  -- Mask SSN except for HR
  CASE WHEN is_member('HR') THEN ssn ELSE 'XXX' END AS ssn,
  -- Mask salary except for Finance
  CASE WHEN is_member('Finance') THEN salary ELSE NULL END AS salary,
  department
FROM main.employees_raw;&lt;/LI-CODE&gt;&lt;P&gt;&lt;SPAN&gt;Manual filters/masks secure the&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;base table&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;directly (actual table). Dynamic views create a&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;separate secured object&lt;/STRONG&gt;&lt;SPAN&gt;&amp;nbsp;(users must query the &lt;STRONG&gt;view&lt;/STRONG&gt;)&lt;/SPAN&gt;&lt;/P&gt;&lt;TABLE border="1" width="56.25%"&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;Method&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;Security Location&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;User Queries&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;SPAN class=""&gt;Row Filter&lt;/SPAN&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;DIV class=""&gt;&lt;SPAN class=""&gt;UDF attached to table&lt;/SPAN&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;SPAN class=""&gt;Base table&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD width="25%"&gt;&lt;SPAN&gt;Column Mask&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;SPAN&gt;UDF attached to column&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD width="25%"&gt;&lt;SPAN&gt;Base table&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD&gt;&lt;SPAN&gt;Dynamic View&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD&gt;&lt;SPAN&gt;Logic in view SQL&lt;/SPAN&gt;&lt;/TD&gt;&lt;TD&gt;&lt;SPAN&gt;View&lt;/SPAN&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 25 Jun 2026 14:27:39 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160536#M2879</guid>
      <dc:creator>balajij8</dc:creator>
      <dc:date>2026-06-25T14:27:39Z</dc:date>
    </item>
    <item>
      <title>Re: Row and column level security on unity catalog in different approaches</title>
      <link>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160933#M2892</link>
      <description>&lt;P&gt;Hi Rupa,&lt;/P&gt;&lt;P&gt;One thing worth adding from running both dynamic views and column masking in production - the table above is a good way to think about the mechanics, but in practice the decision usually comes down to how many things are querying the same data, not which method is technically better.&lt;/P&gt;&lt;P&gt;If it's one table being queried directly by one tool, a row filter or column mask on the table itself is simple and does the job.&lt;/P&gt;&lt;P&gt;If the same data is being queried by more than one BI tool, or by different teams who need different views of it, dynamic views end up easier to manage. You can store them in Git, review changes like code, and update the security logic in one place without touching the actual table.&lt;/P&gt;&lt;P&gt;One mistake worth avoiding either way - always test these as a non-admin user. If you build a row filter or a secured view and test it while logged in as an admin, it'll look like it's working even when it isn't, because admin accounts usually bypass the restriction. Test it as the actual user group it's meant for before you ship it.&lt;/P&gt;</description>
      <pubDate>Tue, 30 Jun 2026 10:19:02 GMT</pubDate>
      <guid>https://community.databricks.com/t5/data-governance/row-and-column-level-security-on-unity-catalog-in-different/m-p/160933#M2892</guid>
      <dc:creator>savlahanish27</dc:creator>
      <dc:date>2026-06-30T10:19:02Z</dc:date>
    </item>
  </channel>
</rss>

