Unity Catalog: Access Control, Lineage & Marketplace
Centralized governance with Unity Catalog for access control, lineage, and data sharing
Unity Catalog Architecture
UNITY CATALOG ARCHITECTURE

METASTORE (One per region)
|
+-- CATALOGS
|     Catalog: dataengineering
|       Schema: raw
|         Tables:    sales_raw, inventory_raw
|         Volumes:   /mnt/raw_files
|         Functions: validate_data
|
+-- ACCESS CONTROL:
|     Principal      | Catalog | Schema  | Permissions
|     ---------------+---------+---------+---------------
|     Data Engineers | dataeng | raw     | SELECT, MODIFY
|     Data Analysts  | dataeng | curated | SELECT
|     ML Engineers   | dataeng | feature | SELECT
|     Admins         | dataeng | ALL     | ALL
|
+-- LINEAGE:
      Table --> Notebook --> Table --> Dashboard
      Auto-captured from Spark SQL and notebooks
Access Control Implementation
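# Unity Catalog access control
# Assumes a recent databricks-sdk release; older releases take the
# SecurableType enum member itself rather than its .value.
from databricks.sdk import WorkspaceClient
from databricks.sdk.service import catalog

w = WorkspaceClient()

# Grant SELECT on table
# (the principal also needs USE CATALOG and USE SCHEMA on the parents to read it)
w.grants.update(
    securable_type=catalog.SecurableType.TABLE.value,
    full_name="dataengineering.curated.fact_sales",
    changes=[
        catalog.PermissionsChange(
            principal="data-analysts@company.com",
            add=[catalog.Privilege.SELECT],
        )
    ],
)

# Grant SELECT, MODIFY and CREATE TABLE on schema
w.grants.update(
    securable_type=catalog.SecurableType.SCHEMA.value,
    full_name="dataengineering.raw",
    changes=[
        catalog.PermissionsChange(
            principal="data-engineers@company.com",
            add=[
                catalog.Privilege.SELECT,
                catalog.Privilege.MODIFY,
                catalog.Privilege.CREATE_TABLE,
            ],
        )
    ],
)

# Revoke access: list the privilege under "remove" instead of "add"
w.grants.update(
    securable_type=catalog.SecurableType.TABLE.value,
    full_name="dataengineering.curated.fact_sales",
    changes=[
        catalog.PermissionsChange(
            principal="former-employee@company.com",
            remove=[catalog.Privilege.SELECT],
        )
    ],
)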
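The access-control matrix in the diagram is only useful if the grants actually in place match it. The following is an added example, not code from the original page or from Databricks: it compares a desired policy (three rows of the matrix above) with a constructed snapshot of current grants and plans the add/remove changes, without calling any Databricks API. The `ml-engineers@company.com` principal, the `DESIRED`/`ACTUAL` data and both function names are assumptions made for illustration.

```python
# Added example: plan least-privilege grant changes offline (no Databricks calls).
# Privilege names follow the SDK's Privilege enum; the snapshot data is constructed.

# Desired state: three rows of the access-control matrix from the diagram.
DESIRED = {
    "dataengineering.raw": {"data-engineers@company.com": {"SELECT", "MODIFY"}},
    "dataengineering.curated": {"data-analysts@company.com": {"SELECT"}},
    "dataengineering.feature": {"ml-engineers@company.com": {"SELECT"}},
}

# Constructed snapshot of direct grants, e.g. as collected with w.grants.get().
ACTUAL = {
    "dataengineering.raw": {"data-engineers@company.com": {"SELECT", "MODIFY"}},
    "dataengineering.curated": {
        "data-analysts@company.com": {"SELECT", "MODIFY"},  # excess privilege
        "former-employee@company.com": {"SELECT"},          # not in policy
    },
    "dataengineering.feature": {},                          # grant missing
}


def plan_changes(desired, actual):
    """Return {securable: [change, ...]}; each change carries the same
    principal/add/remove fields as the SDK's PermissionsChange."""
    plan = {}
    for securable in sorted(set(desired) | set(actual)):
        want = desired.get(securable, {})
        have = actual.get(securable, {})
        changes = []
        for principal in sorted(set(want) | set(have)):
            wanted = want.get(principal, set())
            held = have.get(principal, set())
            add, remove = sorted(wanted - held), sorted(held - wanted)
            if add or remove:
                changes.append({"principal": principal, "add": add, "remove": remove})
        if changes:
            plan[securable] = changes
    return plan


def unknown_principals(desired, actual):
    """(securable, principal) pairs that hold grants the policy never lists."""
    return sorted(
        (securable, principal)
        for securable, grants in actual.items()
        for principal, privs in grants.items()
        if privs and principal not in desired.get(securable, {})
    )


if __name__ == "__main__":
    for securable, changes in plan_changes(DESIRED, ACTUAL).items():
        print(securable, changes)
    print("unknown:", unknown_principals(DESIRED, ACTUAL))
```

Feed the snapshot from direct grants only: privileges inherited from a parent catalog or schema cannot be revoked on the child object and have to be removed where they were granted.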
Lineage Tracking
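# Get table lineage (Data Lineage REST API, called through the SDK's API client)
lineage = w.api_client.do(
    "GET",
    "/api/2.0/lineage-tracking/table-lineage",
    body={"table_name": "dataengineering.curated.fact_sales", "include_entity_lineage": True},
)
for upstream in lineage.get("upstreams", []):
    if "tableInfo" in upstream:  # skip entries that are not tables
        print(f"Upstream: {upstream['tableInfo']['name']}")
for downstream in lineage.get("downstreams", []):
    if "tableInfo" in downstream:
        print(f"Downstream: {downstream['tableInfo']['name']}")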
Data Sharing (Delta Sharing)
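# Delta Sharing types live in the sharing service module (recent SDK releases)
from databricks.sdk.service import sharing

# Create share
w.shares.create(
    name="sales_data_share",
    comment="Shared sales data for partners",
)

# Add table to share
w.shares.update(
    name="sales_data_share",
    updates=[
        sharing.SharedDataObjectUpdate(
            action=sharing.SharedDataObjectUpdateAction.ADD,
            data_object=sharing.SharedDataObject(
                name="dataengineering.curated.fact_sales",
                data_object_type=sharing.SharedDataObjectDataObjectType.TABLE,
            ),
        )
    ],
)

# Create recipient
w.recipients.create(
    name="partner_recipient",
    authentication_type=sharing.AuthenticationType.TOKEN,
    sharing_code="partner-code",
)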
Pro Tip: Use Unity Catalog for all data access governance in Databricks. It provides column-level masking, row-level security, and automatic lineage tracking.
Interview Questions
Q1: What are the three levels of the Unity Catalog hierarchy?
A: Catalog → Schema → Table/View/Volume. Each level supports access control grants, enabling fine-grained permissions management.
Q2: How does Unity Catalog differ from workspace-level access control?
A: Workspace-level control is per-workspace. Unity Catalog provides cross-workspace governance with a central metastore, enabling consistent access policies across all workspaces.
Q3: What is the benefit of automatic lineage in Unity Catalog?
A: Automatic lineage tracks data flow from source to consumption, enabling impact analysis, debugging, and compliance reporting without manual documentation.