Chapter 5. Access Controls and Permissions Model
The more privilege you have, the more opportunity you have. The more opportunity you have, the more responsibility you have.
Noam Chomsky
In Chapter 1, we introduced the lakehouse paradigm and explained how Databricks Platform stores the data in the cloud object storage and provides an optimization layer for efficient querying and ACID properties. In Chapter 3, we explored identity management concepts and touched upon access management. In this chapter, we describe how Unity Catalog secures the data and AI assets, various access control mechanisms, permissions models, and how you can design a scalable data architecture. We also discuss different governance models and how our fictional organization Nexa Boutique leveraged Unity Catalog to design a federated governance model with centralized policies.
Access Management
Chapter 3 briefly mentioned workspace and Unity Catalog securables. The access controls for workspace securables are applied at the workspace level, and the access controls for Unity Catalog securables are applied at the Unity Catalog metastore level. This is depicted in Figure 5-1.
Figure 5-1. Access controls for Databricks workspace and Unity Catalog securables
From the access management perspective, you can think of a Databricks workspace as a combination of project and compute layers. The workspace securables ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access