Governance
- Admin roles
- Account: can create metastores, link workspaces to metastores, add users, configure storage credentials, enable/delegate access to system tables
- Metastore: manage tables and volumes at the metastore level
- Workspace: can
- add users to workspace
- manage workspace specific objects like jobs, notebooks, dashboards, queries
- ACLs (privileges)
can view/can run, can edit or can manage permissions
workspace-catalog binding
- Supports multiple environments
- workspace is primary data processing environment, whereas catalog is primary data domain
- bind specific catalogs to specific workspaces; multiple catalogs can be bound to a single workspace
- a workspace can be attached to a metastore by:
- if a workspace is created in a region for the first time, a new metastore is automatically created and attached
- if an account already has metastore, admin can decide to automatically attaching metastore to all new workspaces.