Databricks-managed Delta Sharing (Preview)
Preview
Delta Sharing is in Public Preview. To participate in the preview, you must enable the External Data Sharing feature group in the Databricks Account Console. See Enable the External Data Sharing feature group for your account.
Delta Sharing is subject to applicable terms. Enabling the External Data Sharing feature group represents acceptance of those terms.
Databricks-managed Delta Sharing allows data providers to share data and data recipients to access the shared data.
As a data provider, you can share data with recipients that don’t use Databricks. For more information, see Share data using Delta Sharing. If you want to share data with data recipients outside of your account, enable external Delta Sharing on the metastore. You don’t have to enable external Delta Sharing if you are sharing data within the same account.
As a data recipient, you can access shared data in an open environment (such as your own compute cluster or AWS EMR). For more information, see Access data shared with you using Delta Sharing.
User guide for data providers
This section explains the concepts and processes you need to understand as the data provider in a Delta Sharing relationship.
Concepts for data providers
Data recipient: A data recipient is an object in a Unity Catalog metastore that represents the real-world data recipient who accesses the shared data. A recipient can have access to multiple shares.
Share: A share is a collection of datasets to be shared in a Unity Catalog metastore. A metastore can have multiple shares, and you can control which recipients have access to each share.

Manage recipients
A recipient is a named object that represents the identity of a data recipient in the real world who consumes the shared data. For a data recipient in Databricks, the recipient object has an authentication type of DATABRICKS, which indicates that it uses Databricks-managed Delta Sharing to access the data. For data recipients who use the open source connectors and bearer tokens to access the data, the recipient object has an authentication type of TOKEN.
More specifically, a recipient object represents a data recipient on a particular Unity Catalog metastore. When a recipient with the DATABRICKS authentication type is created, it is associated with a Unity Catalog metastore on a specific cloud platform and in a specific cloud region. It is guaranteed that the data shared with this recipient can only be accessed on that metastore.
In contrast, a recipient with the TOKEN authentication type represents a data recipient that can be in any environment, and the data access can happen anywhere with any open-source connector.
When you manage a recipient object with the DATABRICKS authentication type, you don’t need to explicitly handle any credentials. Databricks-managed Delta Sharing handles identity verification, authentication, auditing, and similar complexities, and makes sure data sharing is secure.
Create a recipient with Databricks authentication type
You can use the CREATE RECIPIENT SQL command to create a recipient with a sharing identifier.
CREATE RECIPIENT [IF NOT EXISTS] <recipient_name>
USING ID <sharing_identifier>
[COMMENT <comment>]
<sharing_identifier> is the globally unique identifier of a Unity Catalog metastore owned by the data recipient with whom you’d like to share data. It has the format <cloud>:<region>:<uuid>. Example value: aws:eu-west-1:b0c978c8-3e68-4cdf-94af-d05c120ed1ef.

This field is referred to as the sharing identifier. Your provider needs the sharing identifier to create a Databricks-to-Databricks recipient.
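Because the sharing identifier arrives from the recipient out of band and determines which metastore can read the data, it is worth validating before it reaches a CREATE RECIPIENT statement. The following is an added example, not Databricks code: it parses the <cloud>:<region>:<uuid> format, checks the location against a hypothetical residency allow-list, and renders the statement. The recipient name, the allow-list, the comment character rules, and passing the identifier as a single-quoted string literal are assumptions.

```python
import re
import uuid
from typing import NamedTuple

class SharingId(NamedTuple):
    cloud: str
    region: str
    metastore_uuid: str

# Hypothetical residency policy: (cloud, region) pairs approved for sharing.
APPROVED_LOCATIONS = {("aws", "eu-west-1"), ("aws", "eu-central-1")}
_TOKEN = re.compile(r"[a-z0-9-]+")            # shape of <cloud> and <region>
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # plain SQL identifier
_COMMENT = re.compile(r"[\w .,:/()-]*")        # no quotes or backslashes

def parse_sharing_identifier(raw: str) -> SharingId:
    """Split <cloud>:<region>:<uuid> and reject anything malformed."""
    parts = raw.strip().split(":")
    if len(parts) != 3:
        raise ValueError("expected <cloud>:<region>:<uuid>")
    cloud, region, ident = parts
    if not _TOKEN.fullmatch(cloud) or not _TOKEN.fullmatch(region):
        raise ValueError("cloud and region must be lowercase tokens")
    try:
        canonical = str(uuid.UUID(ident))
    except ValueError:
        raise ValueError("third field is not a UUID") from None
    if canonical != ident.lower():
        raise ValueError("UUID must use the hyphenated 8-4-4-4-12 form")
    return SharingId(cloud, region, canonical)

def build_create_recipient(name: str, raw_id: str, comment: str = "") -> str:
    """Return a CREATE RECIPIENT statement, or raise if a check fails."""
    if not _NAME.fullmatch(name):
        raise ValueError("recipient name must be a plain identifier")
    if not _COMMENT.fullmatch(comment):
        raise ValueError("comment contains characters that are not allowed")
    sid = parse_sharing_identifier(raw_id)
    if (sid.cloud, sid.region) not in APPROVED_LOCATIONS:
        raise ValueError(f"{sid.cloud}:{sid.region} is not an approved location")
    # Every interpolated value has been validated against a strict pattern.
    stmt = f"CREATE RECIPIENT IF NOT EXISTS {name} USING ID '{':'.join(sid)}'"
    if comment:
        stmt += f" COMMENT '{comment}'"
    return stmt
```

Review the rendered statement before running it: once the recipient exists, shares granted to it are readable from the metastore named by that identifier.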

View and Delete a Recipient
You can use the following SQL commands to view, update, and delete a recipient. When a recipient is deleted, the data recipients it represents can no longer access the shared data.
SHOW RECIPIENTS [LIKE <pattern>];
DESC RECIPIENT <recipient_name>;
DROP RECIPIENT [IF EXISTS] <recipient_name>;
User guide for data recipients
The following section provides you with the concepts and processes you need to understand as a data recipient in a Delta Sharing relationship.
Concepts for data recipients
Data provider: A data provider is an object in a Unity Catalog metastore that represents the real-world data provider who shares the data. A provider contains shares, which in turn contain the shared data.
Share: A share is a collection of datasets shared by the data provider. A share belongs to a data provider, and you can create a catalog from a share to access the datasets inside.
Catalog: A catalog is the top-level object in Unity Catalog’s 3-level namespace for organizing data. A catalog created from a share is called a Delta Sharing catalog.
The following diagram shows a holistic view of all Delta Sharing objects under a Unity Catalog metastore and the relationships among them.

Manage permissions inside a Delta Sharing catalog
By default, the owner of every data object under a Delta Sharing catalog is the catalog creator. The catalog owner can delegate the ownership of certain data objects to other users or groups if they see fit. In Unity Catalog, the owner of a data object can manage its permissions and life cycle.
To transfer the ownership of the data objects to other users or groups, use the ALTER … OWNER TO command.
GRANT USAGE ON CATALOG <catalog-name> TO `<user-or-group>`;
REVOKE USAGE ON CATALOG <catalog-name> FROM `<user-or-group>`;
GRANT USAGE ON SCHEMA <schema-name> TO `<user-or-group>`;
REVOKE USAGE ON SCHEMA <schema-name> FROM `<user-or-group>`;
GRANT SELECT ON TABLE <table-name> TO `<user-or-group>`;
REVOKE SELECT ON TABLE <table-name> FROM `<user-or-group>`;