Databricks: Managing Access to Managed Tables in Unity Catalog
In this tutorial, you'll learn how to configure Grant Kits to automate granting and revoking access to a securable object in Databricks Unity Catalog. This use case allows you to model fine-grained access for your Databricks deployment.
We will use the Databricks: Managing Access to Groups Starter Kit as a base and modify it to work with Databricks Unity Catalog.
- 1. Make sure you have:
- A Databricks account
- 2. Make sure you set up:
- 1.
- 2.
- 3.
Unity Catalog allows you to configure fine-grained access to securable objects such as:
- 1. Metastore
- 2. Catalogs
- 3. Schemas (Databases)
- 4. Tables
- 5. Views
- 6. Storage Credentials
- 7. Storage Locations
- 8. Delta Sharing Share Grants
Permission grants for securable objects are hierarchical. This means, for example, granting access to a Catalog or Schema automatically grants the privilege to current and all future objects within the Catalog or Schema, with the exception of Metastore grants.
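The inheritance rule above in configuration form, as an added example that is not part of the original tutorial: a schema-level SELECT reaches every table in the schema, while a table-level grant plus usage privileges on the parents reaches only one table. It assumes the Databricks provider's databricks_grants resource and reuses this page's table name and pii_group group; the resource labels are hypothetical.

```hcl
# Added example, not from the original page. Assumes catalog "main", schema
# "main.reporting" and the databricks_group.pii_group resource used on this page.
# Note: databricks_grants is authoritative for the object it names, so list
# every principal's grants for that object in the one resource.

# Broad (shown commented out): SELECT on the schema is inherited by every
# current and future table in main.reporting, not only pii_customers.
# resource "databricks_grants" "reporting_schema_broad" {
#   schema = "main.reporting"
#   grant {
#     principal  = databricks_group.pii_group.display_name
#     privileges = ["USE_SCHEMA", "SELECT"]
#   }
# }

# Narrow: usage privileges on the parents only let the group reach the table;
# they do not grant read access to any data.
resource "databricks_grants" "main_catalog" {
  catalog = "main"
  grant {
    principal  = databricks_group.pii_group.display_name
    privileges = ["USE_CATALOG"]
  }
}

resource "databricks_grants" "reporting_schema" {
  schema = "main.reporting"
  grant {
    principal  = databricks_group.pii_group.display_name
    privileges = ["USE_SCHEMA"]
  }
}

# Read access is granted on the single table only.
resource "databricks_grants" "pii_customers" {
  table = "main.reporting.pii_customers"
  grant {
    principal  = databricks_group.pii_group.display_name
    privileges = ["SELECT"]
  }
}
```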
main.tf
resource "abbey_grant_kit" "databricks_pii_group" {
...
output = {
...
append = <<-EOT
- resource "databricks_group_member" "group_member_{{ .data.system.abbey.identities.databricks.tf_resource_id }}" {
- group_id = ${databricks_group.pii_group.id}
- member_id = {{ .data.system.abbey.identities.databricks.tf_resource_id }}
+ resource "databricks_grant" "grant_pii_table" {
+ table = "main.reporting.pii_customers"
+
+ grant {
+ principal = ${databricks_group.pii_group.id}
+ privileges = ["MODIFY", "SELECT"]
+ }
}
EOT
}
}
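Review bot: The added resource has the fixed name grant_pii_table and none of the + lines reference {{ .data.system.abbey.identities.databricks.tf_resource_id }}, so if this text is appended once per approved request, as the per-identity name it replaces suggests, every request after the first appends an identically named resource, and the grant goes to the whole pii_group rather than to the requester. Consider keeping the per-identity databricks_group_member append and defining the table grant once outside append, or templating the resource name and principal per identity. Two smaller points on the same lines: principal = ${databricks_group.pii_group.id} is unquoted while the table value is quoted, so the rendered value will not be a string literal; and the nested grant { ... } form is the one the Databricks provider documents for databricks_grants (plural), whose principal is a user name, group name or service principal application ID rather than a group id, so check the resource type and pass the group's display name. MODIFY alongside SELECT also gives write access to the PII table; drop it if requesters only need to read.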
Instead of using the databricks_group_member resource, we want to use the databricks_grant resource and specify a table alongside a grant attribute. We're able to reuse our databricks_group.pii_group.id as the principal. This resource was configured in the Databricks: Managing Access to Groups guide. For more ideas on how you can manage other securable objects, visit the official Databricks Terraform Provider documentation on Grants.
Follow the instructions in the Databricks: Managing Access to Groups guide to deploy your newly configured Grant Kit with Unity Catalog.