What is the ANY FILE
securable?
Privileges on the ANY FILE
securable grant the entitled principal direct access to the filesystem and data in cloud object storage, regardless of any Hive table ACLs set on database objects like schemas or tables.
Privileges for ANY FILE
You can grant MODIFY
or SELECT
privilege on the ANY FILE
securable to any service principal, user, or group using legacy Hive table access control lists (ACLs). All workspace admins have MODIFY
privileges on ANY FILE
by default. Any user with MODIFY
privileges can grant or revoke privileges on ANY FILE
.
You must have privileges on the ANY FILE
securable when using custom data sources or JDBC drivers not included in Lakehouse Federation. See What is Lakehouse Federation?.
Privileges on the ANY FILE
securable cannot override Unity Catalog privileges and do not grant or expand privileges on data objects governed by Unity Catalog. Some drivers and custom-installed libraries might compromise user isolation by storing data of all users in one common temp directory.
Privileges on the ANY FILE
securable apply only when you use SQL warehouses or clusters with shared access mode.
ANY FILE
respects legacy access patterns for data in cloud object storage, including mounts and storage credentials defined at the compute level. See Configure access to cloud object storage for Databricks.
How does ANY FILE
interact with Unity Catalog?
When using Unity Catalog-enabled shared clusters or SQL warehouses, privileges on the ANY FILE
securable are evaluated when accessing storage paths or data sources that are not governed by Unity Catalog. Privileges on the ANY FILE
securable are evaluated after all Unity Catalog-related privileges and serve as a fallback for storage paths and connector libraries not managed with Unity Catalog.
Databricks recommends using Lakehouse Federation for configuring read-only access to supported external data sources. Lakehouse Federation never requires privileges on the ANY FILE
securable. See What is Lakehouse Federation?.
Unity Catalog volumes and tables provide full governance for tabular and nontabular data and do not require privileges on the ANY FILE
securable.
Access to any data governed by Unity Catalog using URIs cannot use privileges on the ANY FILE
securable. See Connect to cloud object storage and services using Unity Catalog.
You must have SELECT
privileges on the ANY FILE
securable to read using the following patterns on Unity Catalog-enabled shared clusters:
Cloud object storage using URIs.
Data stored in the DBFS root or using DBFS mounts.
Data sources using custom libraries or drivers.
JDBC drivers not configured with Lakehouse Federation.
External data sources that are not governed by Unity Catalog.
Streaming data sources, except tables and volumes governed by Unity Catalog and streams that use table names registered to the Hive metastore.
Concerns about ANY FILE
securable privileges
Privileges on the ANY FILE
securable essentially bypass legacy Hive table ACLs set on database objects. Use discretion when you grant privileges on the ANY FILE
securable, if you have not fully migrated all tables to Unity Catalog and you still rely on legacy Hive table ACLs for managing access to data.
Privileges granted on the ANY FILE
securable never bypass Unity Catalog data governance. However, users that have privileges on the ANY FILE
securable have expanded ability to configure and access data sources not governed by Unity Catalog.