Share data using the Delta Sharing Databricks-to-Databricks protocol

This article gives an overview of how to use Databricks-to-Databricks Delta Sharing to share data securely with any Databricks user, regardless of account or cloud host, as long as that user has access to a workspace enabled for Unity Catalog.

Note

If you want to learn how to share data with users who don’t have access to a Databricks workspace that is enabled for Unity Catalog, see Share data using the Delta Sharing open sharing protocol. If you are a data recipient (a user or group of users with whom Databricks data is being shared), see Access data shared with you using Delta Sharing.

For an introduction to Delta Sharing and a comparison of Databricks-to-Databricks sharing with open sharing, see Share data securely using Delta Sharing.

Databricks-to-Databricks Delta Sharing workflow

This section provides a high-level overview of the Databricks-to-Databricks sharing workflow, with links to detailed documentation for each step.

In the Databricks-to-Databricks Delta Sharing model:

  1. A data recipient gives a data provider the unique sharing identifier for the Databricks Unity Catalog metastore that is attached to the Databricks workspace that the recipient (which represents a user or group of users) will use to access the data that the data provider is sharing.

    For details, see Step 1: Request the recipient’s sharing identifier.

  2. The data provider creates a share in the provider’s Unity Catalog metastore. This named object contains a collection of tables and notebooks registered in the metastore.

    For details, see Create and manage shares for Delta Sharing.

  3. The data provider creates a recipient object in the provider’s Unity Catalog metastore. This named object represents the user or group of users who will access the data included in the share, along with the sharing identifier of the Unity Catalog metastore that is attached to the workspace that the user or group of users will use to access the share. The sharing identifier is the key identifier that enables the secure connection.

    For details, see Step 2: Create the recipient.

  4. The data provider grants the recipient access to the share.

    For details, see Grant and manage access to Delta Sharing data shares.

  5. The share becomes available in the recipient’s Databricks workspace, and users can access it using Data Explorer, the Databricks CLI, or SQL commands in a Databricks notebook or the Databricks SQL query editor.

    To access the tables and notebooks in a share, a metastore admin or privileged user must create a catalog from the share. Then that user or another user granted the appropriate privilege can give other users access to the catalog and objects in the catalog, just as they would any other catalogs, schemas, or tables registered in Unity Catalog, with the important distinction being that users can be granted only read access on objects in catalogs that are created from Delta Sharing shares.

    Shared notebooks live at the catalog level, and any user with the USE CATALOG privilege on the catalog can access them.

    For details, see Read data shared using Databricks-to-Databricks Delta Sharing.