
I am trying to create data security policies on user tables on Databricks. However, I have implemented this task on SQL Server with the SQL queries below:


CREATE FUNCTION [test].[mailfunction](@useremail AS nvarchar(100))
RETURNS TABLE WITH SCHEMABINDING AS
RETURN SELECT 1 AS mailfunction_result WHERE @useremail = SUSER_SNAME() 
GO

create SECURITY POLICY [mailfunctionSecurityPolicy]
ADD FILTER PREDICATE [test].[mailfunction]([useremail])  ON 
test.users WITH (STATE = OFF);  

I am trying to implement this on Databricks and have created the function, but I am not able to create a SECURITY POLICY on Databricks.

I need to create the function, or a workaround for CREATE FUNCTION, in Databricks, and I need to achieve role-based access control on my table as we achieved on the SQL side.

Also, please suggest some reference code for implementing role-based access, row- and column-level security, and data masking in Databricks.

Alex Ott

1 Answer


Right now there isn't exactly the same functionality, but it's coming in the near future - you can watch the latest Databricks quarterly roadmap webinar to get more details about upcoming functionality for RBAC & ABAC.

But right now you can use dynamic views over the tables to implement row-level access control and data masking. For this you can use the current_user and is_member functions to perform checks. Like this (example from docs):

CREATE VIEW sales_redacted AS
SELECT user_id,
  CASE WHEN
    is_member('auditors') THEN email
    ELSE 'REDACTED'
  END AS email,
  country,  product, total
FROM sales_raw

And you can use user/group names from the data itself; it's not necessary to use hard-coded group names in the is_member call. You can see an example in the following answer.

Alex Ott
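The dynamic-view approach from the answer, applied to the question's table, as an added example that is not part of the original answer or the Databricks docs. Only test.users and useremail come from the question; the other columns, the test.region_access mapping table and the group names hr_admins and analysts are assumptions.

```sql
-- View 1: row filter equivalent to the T-SQL predicate
--   @useremail = SUSER_SNAME()
-- plus a masked column. Columns other than useremail are assumed.
CREATE OR REPLACE VIEW test.users_secure AS
SELECT
  u.user_id,
  u.useremail,
  -- Column masking: only members of the (assumed) hr_admins group
  -- see the real phone number.
  CASE WHEN is_member('hr_admins') THEN u.phone
       ELSE 'REDACTED'
  END AS phone,
  u.region
FROM test.users AS u
-- Row filter: each caller sees only their own row,
-- while hr_admins see every row.
WHERE u.useremail = current_user()
   OR is_member('hr_admins');

-- View 2: group names taken from the data instead of hard-coded.
-- test.region_access (assumed) holds one row per (region, group_name);
-- a row of test.users is visible when the caller belongs to any group
-- mapped to that row's region.
CREATE OR REPLACE VIEW test.users_by_region AS
SELECT u.*
FROM test.users AS u
LEFT SEMI JOIN test.region_access AS a
  ON  a.region = u.region
  AND is_member(a.group_name);

-- The filter only protects data if readers are granted the views and
-- hold no SELECT privilege on test.users itself.
GRANT SELECT ON VIEW test.users_secure    TO `analysts`;
GRANT SELECT ON VIEW test.users_by_region TO `analysts`;
```

Checking the views as a user outside hr_admins, and confirming that a direct SELECT on test.users is denied for that user, verifies that both the filter and the grants behave as intended.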