
A metastore is the top-level container of objects in Unity Catalog. It stores data assets (tables and views) and the permissions that govern access to them. Databricks account admins can create metastores and assign them to Databricks workspaces to control which workloads use each metastore. You create a single metastore in each region you operate and link it to all workspaces in that region. Therefore, if you have multiple regions using Databricks, you will have multiple metastores. To share data between metastores, see Delta Sharing.

Each metastore is configured with a root storage location that can be used for managed tables. You need to ensure that no users have direct access to this managed storage location. Giving access to this storage location could allow a user to bypass access controls in a Unity Catalog metastore and disrupt auditability. For these reasons, you should not reuse a container that is your current DBFS root file system, or has previously been a DBFS root file system, as the root storage location in your Unity Catalog metastore.

External locations and storage credentials

External locations and storage credentials allow Unity Catalog to read and write data on your cloud tenant on behalf of users. A storage credential encapsulates a long-term cloud credential that provides access to cloud storage. It can either be an Azure managed identity (strongly recommended) or a service principal. Using an Azure managed identity has the following benefits over using a service principal: Managed identities do not require you to maintain credentials or rotate secrets.
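As an added example, not taken from the Databricks documentation, the following Databricks SQL shows how an external location binds a container path to a storage credential and how access is then granted on the Unity Catalog object rather than on the underlying storage. The credential name, storage URL and group names are placeholders; it assumes a storage credential backed by a managed identity already exists.

```sql
-- Added example; all names and the URL are placeholders.
-- Assumes a storage credential "prod_adls_mi" already exists and is
-- backed by an Azure managed identity (the recommended option).

-- Bind a container path to the credential. Users never receive the
-- credential itself; they receive privileges on this external location.
CREATE EXTERNAL LOCATION IF NOT EXISTS raw_landing
  URL 'abfss://landing@examplestorage.dfs.core.windows.net/raw'
  WITH (STORAGE CREDENTIAL prod_adls_mi)
  COMMENT 'Landing zone; access is governed only through Unity Catalog';

-- Least privilege: analysts may read files; only the ingest role may
-- write files or register external tables under this path.
GRANT READ FILES ON EXTERNAL LOCATION raw_landing TO `analysts`;
GRANT READ FILES, WRITE FILES, CREATE EXTERNAL TABLE
  ON EXTERNAL LOCATION raw_landing TO `data_ingest`;

-- Review which principals hold privileges on the location.
SHOW GRANTS ON EXTERNAL LOCATION raw_landing;
```

The container used for the metastore root storage location should have no such external location and no direct user access at all, so that managed-table data cannot be reached outside Unity Catalog's access checks and audit trail.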
