Skip to content

Governance

  • Admin roles
  • Account: can create metastores, link workspaces to metastores, add users, configure storage credentials, enable/delegate access to system tables
  • Metastore: manage tables and volumes at the metastore level
  • Workspace: can
    • add users to workspace
    • manage workspace specific objects like jobs, notebooks, dashboards, queries
  • ACLs (privileges)
  • can view/can run, can edit or can manage permissions

workspace-catalog binding

  • Supports multiple environments
  • workspace is primary data processing environment, whereas catalog is primary data domain
  • bind specific catalogs to specific workspaces; multiple catalogs can be bound to a single workspace
  • a workspace can be attached to a metastore by:
  • if a workspace is created in a region for the first time, a new metastore is automatically created and attached
  • if an account already has metastore, admin can decide to automatically attaching metastore to all new workspaces.