Introduction
It's Monday morning and a cross‑functional team is preparing a new quarterly forecasting dashboard for an internal review. The data engineer has curated several finance and product usage datasets. The analyst wants to blend them with a recently added operational table. The data scientist plans to prototype a feature importance notebook that will write intermediate results. A platform owner joins because access requests have started to pile up in chat.
As they talk, a pattern emerges:
- People are unsure which higher‑level privileges (catalog vs. schema) they already inherit.
- Some objects require individual grants while others "just work," but no one can clearly say why.
- Creating a temporary table succeeds in one area but not in another, slowing iteration.
- Auditing who can currently read sensitive finance data would take manual inspection.
The team agrees they need a consistent model: understand the path a query takes, list the minimum privileges for common actions, decide where inheritance is intentional, and document a repeatable way to grant and review access.
This module provides a focused overview of how Unity Catalog governs access to data objects. You'll examine the path a query takes, how authorization decisions are made, and the practical differences between explicit and inherited privileges in the catalog / schema / table hierarchy. The aim is to give you enough mental models and syntax examples to design clear, maintainable permission structures.
After completing the module, you should be able to:
- Describe the Unity Catalog query lifecycle and where access checks occur.
- Distinguish explicit grants from inherited privileges and state when each is appropriate.
- Identify the minimum privileges required for common tasks (querying, creating tables).
- Compare Unity Catalog authorization to a legacy Hive metastore approach.
- Apply a repeatable pattern for granting and auditing access.