Advancing Spark - Row-Level Security and Dynamic Masking with Unity Catalog
- Published: 29 Jul 2024
- Filtering datasets based on the querying user has long been a data governance nightmare, with various tools having their own different approaches. With Databricks previously, we had the is_member() function and a variety of custom view approaches, but that all changes with the new secure table settings in Unity Catalog!
In this video, Simon walks through the revamped Unity Catalog security demo, looking at row level security, shared approaches and dynamic column masking!
For more details on the approaches, take a look at the tutorial here: www.databricks.com/resources/...
And, as always, if you need help building a world-class Lakehouse with cutting-edge governance, give Advancing Analytics a call
Does it work with nested columns?
How can it mask other data types like timestamp or map? It's a very, very simple example, so I think it cannot apply to data governance comprehensively.
How about performance if we use column-level masking on huge tables?
Hello @Simon
I require your assistance with a specific use case. Suppose I create a view using the `%sql` declaration with the `CREATE OR REPLACE VIEW` statement and grant the Databricks group 'X' usage access to the schema and catalog, along with select access to the view. Consequently, a user who is a member of the Databricks group 'X' will gain visibility of the object and the ability to retrieve data from the view.
However, a challenge arises when I execute the `CREATE OR REPLACE VIEW` statement again. It appears that the previously granted permissions for Databricks group 'X' vanish, subsequently restricting users in that group from accessing the object.
Could you please provide guidance/feedback on this? Your assistance is greatly appreciated.
Will RLS and column masking be available on Delta Live Materialized Views?
Goooood question. Don't know yet, will dig into it!
Currently, would it even be possible to do a bit of both, i.e. row-based masking of a column? Ex: hide the phone number/email if the person is not an admin.
That is not a bit of both. It is called column-level security.
Does this configuration also work for Synapse SQL pool?
Nope, this is a Databricks Unity Catalog feature