Model services in Unity Catalog
This feature is in Beta. Account admins can control access to this feature from the account console Previews page. See Manage Databricks previews.
Unity AI Gateway is not supported on AWS GovCloud.
A model service is a Unity Catalog securable object that represents a governed LLM endpoint. Model services let you define, share, and govern access to LLMs centrally in Unity Catalog, alongside your data and across workspace boundaries.
During Beta, model services support the following:
- Databricks-hosted pay-per-token foundation models, as system-provided services in
system.aiand as services you create. - Creating and managing model services with the Unity AI Gateway UI, Catalog Explorer, and the Unity Catalog REST API.
- Querying model services across workspaces, from inside and outside Databricks.
What is a model service?
A model service lives in a Unity Catalog schema and references one or more served models as destinations, with routing and fallback between them. Callers invoke the model service by its fully qualified name, and Unity AI Gateway routes each request to a destination model.
Because a model service is a Unity Catalog securable object, it:
- Lives in a catalog and schema, where it inherits schema settings such as workspace bindings.
- Carries standard Unity Catalog metadata, such as name, owner, comment, and tags.
- Is governed by Unity Catalog privileges, so you grant access using the same
GRANTandREVOKEstatements you use for tables, functions, and models. - Is discoverable in Catalog Explorer, alongside the rest of your Unity Catalog assets.
The same model service also appears as an endpoint in the Unity AI Gateway UI, where AI teams can configure features such as rate limits, inference tables, and guardrails. For more about those features, see Unity AI Gateway for agents and model services (legacy).
Why govern LLMs in Unity Catalog?
Unity AI Gateway endpoints created in a workspace are scoped to that workspace. To share an endpoint across workspaces, you must duplicate it in each workspace and manage each copy separately.
Model services move governance into Unity Catalog, so you can:
- Define an LLM endpoint once and use it from any workspace attached to the same metastore.
- Govern access centrally using Unity Catalog privileges, instead of per-workspace permissions.
- Discover models that are available to you across workspaces from a single location.
- Track usage and cost for model services in Unity Catalog system tables.
System-provided model services
Databricks provides a ready-to-use model service in the system.ai schema for each Databricks-hosted foundation model, such as system.ai.databricks-claude-opus-4-6. Databricks adds new system model services as new foundation models become available.
System-provided model services have the following characteristics:
- By default, all account users have the
EXECUTEprivilege, so you can query them without additional setup. - A system user owns them, and you cannot delete them.
- By default, only metastore administrators can modify them. A metastore administrator can delegate management by granting the
MANAGEprivilege.
To restrict access to system-provided model services, see govern model services.
Privileges
Model services use the standard Unity Catalog privilege model. The following privileges apply:
Privilege | Description |
|---|---|
| Access the catalog and schema that contain the model service. Required for all operations. |
| Create model services in a schema. Granted on the catalog or schema. |
| Query a model service. |
| Modify or delete a model service and manage its grants. The owner has a superset of |
When a user queries a model service, Databricks checks that the owner has EXECUTE on the referenced models (definer's rights). The caller does not need direct access to the underlying models.
Limitations
The following capabilities are not available during Beta:
- Provisioned throughput models and external model providers.
- Creating and managing model services with Terraform or SQL.
- Discovering model services with only the
BROWSEprivilege. - Lineage and global search for model services.