# Databricks: Managing Access to Managed Tables in Unity Catalog In this tutorial, you'll learn how to configure [#grant-kits](https://docs.abbey.io/how-abbey-works/concepts#grant-kits "mention") to automate access and revocation to a securable object in the [Databricks Unity Catalog](https://docs.databricks.com/data-governance/unity-catalog/index.html). This use case allows you to model fine-grained access for your Databricks deployment. We will be using the Databricks [databricks-managing-access-to-groups](https://docs.abbey.io/getting-started/tutorials/databricks-managing-access-to-groups "mention") Starter Kit as a base and modify it to work with the Databricks Unity Catalog. ## Before you start 1. **Make sure you have:** * An [Abbey account](https://app.abbey.so/sign-up) * An [Abbey API Token](https://docs.abbey.io/admin/managing-api-tokens#creating-new-api-tokens) * A Databricks account 2. **Make sure you setup:** 1. A [Databricks Starter Kit](https://github.com/abbeylabs/abbey-starter-kit-databricks) by following [get-a-starter-kit](https://docs.abbey.io/build-a-grant-kit/get-a-starter-kit "mention") 2. A Connection to a repo by following [connect-a-repo](https://docs.abbey.io/build-a-grant-kit/connect-a-repo "mention") 3. Your account to [enable Databricks Unity Catalog](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#overview-of-unity-catalog-setup) ## Step 1: Configure a Managed Table Grant Unity Catalog allows you to configure fine-grained access to securable objects such as: 1. Metastore 2. Catalogs 3. Schemas (Databases) 4. Tables 5. Views 6. Storage Credentials 7. Storage Locations 8. Delta Sharing Share Grants Permission grants for securable objects are hierarchical. This means, for example, granting access to a Catalog or Schema automatically grants the privilege to current and all future objects within the Catalog or Schema, with the exception of Metastore grants. For our use case, let's manage access to a [Managed Table](https://docs.databricks.com/data-governance/unity-catalog/index.html#tables). {% code title="main.tf" lineNumbers="true" %} ```diff resource "abbey_grant_kit" "databricks_pii_group" { ... output = { ... append = <<-EOT - resource "databricks_group_member" "group_member_{{ .data.system.abbey.identities.databricks.tf_resource_id }}" { - group_id = ${databricks_group.pii_group.id} - member_id = {{ .data.system.abbey.identities.databricks.tf_resource_id }} + resource "databricks_grant" "grant_pii_table" { + table = "main.reporting.pii_customers" + + grant { + principal = ${databricks_group.pii_group.id} + privileges = ["MODIFY", "SELECT"] + } } EOT } } ``` {% endcode %} Instead of using the `databricks_group_member` resource, we want to use the `databricks_grant` resource and specify a `table` alongside a `grant` attribute. We're able to reuse our `databricks_group.pii_group.id` as the principal. This resource was configured in the Databricks [databricks-managing-access-to-groups](https://docs.abbey.io/getting-started/tutorials/databricks-managing-access-to-groups "mention") guide. {% hint style="info" %} For more ideas on how you can manage other securable objects, visit the official [Databricks Terraform Provider documentation on Grants](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants). {% endhint %} ## Step 2: Deploy Your Starter Kit Follow instructions from the Databricks [databricks-managing-access-to-groups](https://docs.abbey.io/getting-started/tutorials/databricks-managing-access-to-groups "mention") to deploy your newly configured Grant Kit with Unity Catalog. ## Next Steps To learn more about what [resources](https://docs.abbey.io/resources "mention") you can configure, try one of our [Tutorials](https://docs.abbey.io/getting-started/tutorials). For more information on how Abbey works, visit the [concepts](https://docs.abbey.io/how-abbey-works/concepts "mention") or [grant-kits](https://docs.abbey.io/reference/grant-kits "mention") page. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.abbey.io/getting-started/tutorials/databricks-managing-access-to-managed-tables-in-unity-catalog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.