Section 6: 37. Unity Catalog Overview in Databricks

Questions and Answers

What is the primary function of Unity Catalog in the Databricks platform?

To provide a decentralized governance model.

To increase the complexity of data access rules.

To unify governance for all data and AI assets. (correct)

To manage user interfaces for each workspace.

Which of the following represents the highest level in the hierarchy of Unity Catalog?

Workspaces

Catalogs

Schemas

Metastore (correct)

How does Unity Catalog improve access control management compared to the previous model?

By separating access control from the workspace. (correct)

By eliminating the use of the Account Console.

By allowing access controls to be managed per workspace.

By requiring more user groups per workspace.

What new level of namespace does Unity Catalog introduce?

Catalogs

Which statement about Unity Catalog’s management of metastores is correct?

A Unity Catalog metastore can be assigned to multiple workspaces.

What is the role of the Account Console in Unity Catalog?

To manage users and groups for Unity Catalog.

Which of the following is NOT an asset type governed by Unity Catalog?

SQL queries

What was a limitation of the previous access control management model before Unity Catalog?

Access control was defined per workspace.

What is the primary role of a catalog in Unity Catalog?

To serve as the top level container for data objects.

Which type of identity is uniquely identified by an email address in Unity Catalog?

User

What does Identity Federation in Unity Catalog accomplish?

Simplifies the creation and maintenance of identities across workspaces.

Which of the following is NOT a privilege type in Unity Catalog?

ANY FILE

In Unity Catalog, what do Shares represent?

Collections of tables shared with one or more recipients.

What is the function of Storage Credentials in Unity Catalog?

To authenticate access to cloud storage.

How do groups function within Unity Catalog?

They collect users and service principles into a unified entity.

Which statement correctly describes the relationship between Unity Catalog and the legacy Hive metastore?

Unity Catalog can coexist with the Hive metastore, providing added features.

What is the purpose of schemas in Unity Catalog?

To contain data assets like tables, views, and functions.

What type of identity allows programmatic administrative functions in Unity Catalog?

Service Principle

How does the hierarchy of Unity Catalog differ from the traditional approach?

It introduces a third level of namespace with catalogs.

Unity Catalog can have multiple catalogs within a single metastore.

True

In Unity Catalog, a schema is primarily used to store external locations.

False

Unity Catalog incorporates Delta Sharing, which allows for data sharing through Shares and Recipients.

True

Groups in Unity Catalog cannot be nested within other groups.

False

Unity Catalog replaces the ANY FILE privilege from the Hive metastore with new privileges like READ FILES and WRITE FILES.

True

Identity Federation in Unity Catalog requires manual creation of identities for multiple workspaces.

False

Once Unity Catalog is enabled, the legacy Hive metastore becomes completely inaccessible.

False

Unity Catalog's security model is similar to that of Hive metastores for granting privileges.

False

Unity Catalog allows users to define data access rules separately for each workspace.

False

The Unity Catalog introduces a three-level namespace, including catalogs as the new level.

True

In Unity Catalog, the metastore is considered the lowest level logical container.

False

Metastores in Unity Catalog can be assigned to multiple workspaces simultaneously.

True

Unity Catalog is exclusively designed for use in on-premise environments.

False

The Account Console in Unity Catalog is used to manage users and groups across all workspaces.

True

Unity Catalog includes machine learning models as part of its governance solution.

True

Study Notes

Unity Catalog Overview

• Unity Catalog is the new governance solution for the Databricks platform, centralizing governance across all workspaces and clouds.
• It provides unified governance for data and AI assets in the Lakehouse, including files, tables, machine learning models, and dashboards.

Architecture and Features

• SQL language is used to define data access rules, allowing rules to be set once across multiple environments.
• Unlike previous models, Unity Catalog separates user and group management from individual workspaces, utilizing an Account Console.

Namespace Structure

• Introduces a three-level namespace: catalogs (top level), schemas (second level), and data assets (third level).
• Each metastore serves as the top-level logical container that includes metadata and access control lists.
• Catalogs act as containers for one or more schemas, differentiating from the traditional two-level namespace of tables within schemas.

Security Model

• Offers improved security over Hive metastore with advanced features and centralized governance.
• Supports Storage Credentials for authentication to underlying cloud storage, affecting whole storage containers.
• External Locations represent storage directories within those containers.

Sharing Data

• Incorporates a Delta Sharing feature with Shares (collections of tables shared with recipients) which is not covered in detail in the lecture.

Identity Management

• Unity Catalog recognizes three types of identities: users, service principals, and groups.
• Users are physical individuals identified by email addresses, while service principals are automated identities determined by Application ID.
• Nested groups facilitate organization, e.g., Employees group can contain HR and Finance groups.

Identity Federation

• Facilitates single creation of identities in the Account Console, eliminating redundant identity management at the workspace level.
• Enables assigning users and service principals to multiple workspaces easily.

Privileges and Access Control

• Unity Catalog has a distinct set of privileges, including CREATE, USAGE, SELECT, and MODIFY, along with READ FILES and WRITE FILES for underlying storage.
• EXECUTE privilege exists for user-defined function execution.
• GRANT statements are employed to assign privileges on secure objects to specified principles.

Integration with Existing Infrastructure

• Unity Catalog is additive; it allows continued access to legacy Hive metastore while providing centralized governance.
• Legacy catalogs are unified with no hard migration needed to enable Unity Catalog.

Additional Features

• Built-in data search and discovery capabilities facilitate easier navigation and exploration of data assets.
• Automated lineage tracking helps identify data origins and usage across various data types, enhancing traceability.
• Access to the Account Console can be established by logging in as an account administrator at the provided URL.

Overview of Unity Catalog

• Unity Catalog is a centralized governance solution for Databricks across all workspaces on any cloud platform.
• It governs data and AI assets within the Lakehouse, including files, tables, machine learning models, and dashboards.

Key Features of Unity Catalog

• Utilizes SQL language for defining data access rules applicable across multiple workspaces and clouds.
• Users and groups are now managed through an Account Console rather than per workspace.

Architecture and Namespace

• Unity Catalog introduces a three-level namespace: catalogs, schemas, and tables.
• The metastore serves as the top-level logical container housing metadata and access control lists.
• Catalogs are the first part of the namespace and can contain multiple schemas.
• Schemas serve as the second part of the namespace, typically containing tables, views, and functions.

Differences from Hive Metastore

• Unity Catalog's metastore provides enhanced security and advanced features compared to the traditional Hive metastore.
• Unity Catalog allows for a single metastore to be assigned to multiple workspaces, promoting shared access to the same DBFS storage and access control lists.

Security Model

• Unity Catalog supports various identity types: users, service principals, and groups.
• Users are identified by email addresses and can have admin roles for managing Unity Catalog functions.
• Service principals represent identities for automated applications, identified by Application ID, and can also have admin roles.
• Groups can include nested structures, facilitating easier management of user permissions.

Identity Federation

• Unity Catalog allows for Identity Federation, enabling identities to be created once in the account console for assignment across multiple workspaces.
• This approach reduces redundancy in identity management at the workspace level.

Privileges and Permissions

• Unity Catalog has multiple privileges such as CREATE, USAGE, SELECT, and MODIFY.
• Additional privileges for underlying storage include READ FILES and WRITE FILES, replacing the former ANY FILE privilege from Hive metastore.
• EXECUTE privilege is granted for user-defined functions.

Governance and Data Discovery

• Integrates a built-in data search and discovery feature.
• Provides automated lineage capabilities to trace the origin and usage of data across various data types like tables, notebooks, workflows, and dashboards.

Legacy Compatibility

• Unity Catalog is additive, allowing continued access to the legacy Hive metastore upon its activation.
• The catalog named hive_metastore retains access to the local Hive metastore within any assigned workspace.

Accessing Unity Catalog

• To access the Account Console, log in as an account administrator at accounts.cloud.databricks.com.

Overview of Unity Catalog

• Unity Catalog is a centralized governance solution for Databricks across all workspaces on any cloud platform.
• It governs data and AI assets within the Lakehouse, including files, tables, machine learning models, and dashboards.

Key Features of Unity Catalog

• Utilizes SQL language for defining data access rules applicable across multiple workspaces and clouds.
• Users and groups are now managed through an Account Console rather than per workspace.

Architecture and Namespace

• Unity Catalog introduces a three-level namespace: catalogs, schemas, and tables.
• The metastore serves as the top-level logical container housing metadata and access control lists.
• Catalogs are the first part of the namespace and can contain multiple schemas.
• Schemas serve as the second part of the namespace, typically containing tables, views, and functions.

Differences from Hive Metastore

• Unity Catalog's metastore provides enhanced security and advanced features compared to the traditional Hive metastore.
• Unity Catalog allows for a single metastore to be assigned to multiple workspaces, promoting shared access to the same DBFS storage and access control lists.

Security Model

• Unity Catalog supports various identity types: users, service principals, and groups.
• Users are identified by email addresses and can have admin roles for managing Unity Catalog functions.
• Service principals represent identities for automated applications, identified by Application ID, and can also have admin roles.
• Groups can include nested structures, facilitating easier management of user permissions.

Identity Federation

• Unity Catalog allows for Identity Federation, enabling identities to be created once in the account console for assignment across multiple workspaces.
• This approach reduces redundancy in identity management at the workspace level.

Privileges and Permissions

• Unity Catalog has multiple privileges such as CREATE, USAGE, SELECT, and MODIFY.
• Additional privileges for underlying storage include READ FILES and WRITE FILES, replacing the former ANY FILE privilege from Hive metastore.
• EXECUTE privilege is granted for user-defined functions.

Governance and Data Discovery

• Integrates a built-in data search and discovery feature.
• Provides automated lineage capabilities to trace the origin and usage of data across various data types like tables, notebooks, workflows, and dashboards.

Legacy Compatibility

• Unity Catalog is additive, allowing continued access to the legacy Hive metastore upon its activation.
• The catalog named hive_metastore retains access to the local Hive metastore within any assigned workspace.

Accessing Unity Catalog

• To access the Account Console, log in as an account administrator at accounts.cloud.databricks.com.

Description

This quiz covers the Unity Catalog, Databricks' new governance solution. You will learn about its architecture, the introduced three-level namespace, and its security model. Gain insights into how Unity Catalog centralizes governance across cloud workspaces.