ABAC_POLICY_DEFINITIONS
Applies to: Databricks SQL
Databricks Runtime
Unity Catalog only
This feature is in Public Preview.
INFORMATION_SCHEMA.ABAC_POLICY_DEFINITIONS returns one row per attribute-based access control (ABAC) policy attached to a securable object in the local catalog. Each row contains the policy definition, including its scope, policy type, target conditions, applicable principals, and the condition used to enforce the policy. This view returns the same policy details as DESCRIBE POLICY for every policy in the catalog.
You can see only policies for which you have MANAGE on the catalog, schema, or table where the policy is attached. This matches the access pattern of DESCRIBE POLICY.
This relation is an extension of the SQL Standard Information Schema.
Definition
The ABAC_POLICY_DEFINITIONS relation contains the following columns:
Name | Data type | Nullable | Description |
|---|---|---|---|
|
| No | Unique identifier of the policy. |
|
| No | Name of the policy. |
|
| No | The policy type. For example, |
|
| Yes | Name of the catalog the policy is attached to, or that contains the schema or table the policy is attached to. |
|
| Yes | Name of the schema the policy is attached to, or that contains the table the policy is attached to. |
|
| Yes | Name of the securable object the policy is attached to. |
|
| No | Type of the securable object the policy is attached to. For example, |
|
| No | Principals (users, groups, or service principals) the policy applies to. Empty array |
|
| No | Principals excluded from policy application. Empty array |
|
| No | Type of the securable object the policy targets when evaluated. For example, |
|
| Yes | Privileges granted by the policy. |
|
| Yes | Conditional expression under which the policy applies. For example, a boolean expression that matches tables based on their governed tags. |
|
| Yes | Columns referenced by the policy. |
|
| No | Principal who created the policy. |
Examples
-- List every GRANT policy in the current catalog.
> SELECT *
FROM information_schema.abac_policy_definitions
WHERE policy_type = 'GRANT';
-- Find all row filters and column masks attached to securable objects in a schema.
> SELECT policy_name, policy_type, on_securable_type, securable_name, when_condition, match_columns
FROM information_schema.abac_policy_definitions
WHERE policy_type IN ('ROW_FILTER', 'COLUMN_MASK')
AND catalog_name = 'my_catalog'
AND schema_name = 'my_schema';