This section provides a high-level overview of how to set up your Databricks account to use Unity Catalog and create your first tables. For detailed step-by-step instructions, see the sections that follow this one.

To enable your Databricks account to use Unity Catalog, you do the following:

Configure an S3 bucket and IAM role that Unity Catalog can use to store and access managed table data in your AWS account.

Create a metastore for each region in which your organization operates. This metastore functions as the top-level container for all of your data in Unity Catalog. As the creator of the metastore, you are its owner and metastore admin.

Attach workspaces to the metastore. Each workspace will have the same view of the data that you manage in Unity Catalog.

Add users, groups, and service principals to your Databricks account. For existing Databricks accounts, these identities are already present.

(Optional) Transfer your metastore admin role to a group.

To set up data access for your users, you do the following:

In a workspace, create at least one compute resource: either a cluster or SQL warehouse. You will use this compute resource when you run queries and commands, including grant statements on data objects that are secured in Unity Catalog.

Catalogs hold the schemas (databases) that in turn hold the tables that your users work with.

For each level in the data hierarchy (catalogs, schemas, tables), you grant privileges to users, groups, or service principals. You can also grant row- or column-level privileges using dynamic views.

The bucket name cannot include dot notation (for example, ). For more bucket naming guidance, see the AWS bucket naming rules.

If you enable KMS encryption on the S3 bucket, make a note of the name of the KMS encryption key.

Create an IAM role that allows access to the S3 bucket.

Set up a cross-account trust relationship so that Unity Catalog can assume the role to access the data in the bucket on behalf of Databricks users. Your role must also be configured to be self-assuming, that is, to trust itself. Paste the following policy JSON into the Trust Relationship tab.

Do not modify the first role ARN in the Principal section. This is a static value that references a role created by Databricks.

The second role ARN is a self-reference to the role you are creating, because the role must be self-assuming. For information about self-assuming roles, see this Amazon blog article.

Replace and with your actual IAM role values.

In the sts:ExternalId section, replace with the Databricks account ID you found in step 1 (not your AWS account ID).

Create your first metastore and attach a workspace

To use Unity Catalog, you must create a metastore. A metastore is the top-level container for data in Unity Catalog. Each metastore exposes a three-level namespace ( catalog.

You create a metastore for each region in which your organization operates. You can link each of these regional metastores to any number of workspaces in that region. Each linked workspace has the same view of the data in the metastore, and data access control can be managed across workspaces. You can access data in other metastores using Delta Sharing.

The metastore will use the S3 bucket and IAM role that you created in the previous step.

Log in to the Databricks account console.

The region where you want to deploy the metastore. This must be in the same region as the workspaces you want to use to access the data. Make sure that this matches the region of the storage bucket you created earlier.

The S3 bucket path (you can omit s3://) and IAM role name for the bucket and role you created in Configure a storage bucket and IAM role in AWS.

When prompted, select workspaces to link to the metastore.

For more information about assigning workspaces to metastores, see Enable a workspace for Unity Catalog.

The user who creates a metastore is its owner, also called the metastore admin. The metastore admin can create top-level objects in the metastore such as catalogs and can manage access to tables and other objects. Databricks recommends that you reassign the metastore admin role to a group. See (Recommended) Transfer ownership of your metastore to a group.
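
A check for the trust relationship steps above (Databricks role in the Principal, a self-assuming role, and sts:ExternalId set to the Databricks account ID rather than the AWS account ID), as an added example that is not from the original page or from Databricks. The ARNs, the account ID and both sample policies are constructed placeholders, and `check_trust_policy` is a hypothetical helper name.

```python
import json

# Constructed placeholders, not real values. Take the Databricks role ARN from
# the policy JSON in the Databricks documentation and your account ID from the console.
DATABRICKS_ROLE_ARN = "arn:aws:iam::111111111111:role/EXAMPLE-DATABRICKS-UC-ROLE"
SELF_ROLE_ARN = "arn:aws:iam::222222222222:role/example-uc-access-role"
DATABRICKS_ACCOUNT_ID = "00000000-0000-0000-0000-000000000000"


def as_list(value):
    """IAM policy fields accept either a single value or a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def check_trust_policy(policy, databricks_arn, self_arn, external_id):
    """Return a list of findings; an empty list means the policy matches the steps."""
    findings, seen = [], set()
    statements = [s for s in as_list(policy.get("Statement"))
                  if s.get("Effect") == "Allow"
                  and "sts:AssumeRole" in as_list(s.get("Action"))]
    if not statements:
        return ["no Allow statement for sts:AssumeRole"]
    for stmt in statements:
        principal = stmt.get("Principal")
        # A bare string principal such as "*" is reported as unexpected below.
        arns = as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        seen.update(arns)
        findings.extend(f"unexpected principal: {a}" for a in arns
                        if a not in (databricks_arn, self_arn))
        ids = as_list(stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"))
        if ids != [external_id]:
            findings.append(f"sts:ExternalId must be the Databricks account ID, got {ids}")
    if databricks_arn not in seen:
        findings.append("Databricks role ARN missing from Principal")
    if self_arn not in seen:
        findings.append("role does not trust itself (not self-assuming)")
    return findings


GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": [DATABRICKS_ROLE_ARN, SELF_ROLE_ARN]},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": DATABRICKS_ACCOUNT_ID}}}]}
# Constructed bad policy: no self-reference, and the AWS account ID used as ExternalId.
BAD = json.loads(json.dumps(GOOD))
BAD["Statement"][0]["Principal"]["AWS"] = DATABRICKS_ROLE_ARN
BAD["Statement"][0]["Condition"]["StringEquals"]["sts:ExternalId"] = "222222222222"
```

Run it against the JSON shown in the role's Trust Relationship tab before creating the metastore; any principal other than the two expected role ARNs is reported as a finding.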