This article gives an overview of how to use the Delta Sharing open sharing protocol to share data securely with any user on any computing platform, anywhere.
If you want to learn how to use the Databricks-to Databricks sharing protocol to share data with users who have access to a Databricks workspace that is enabled for Unity Catalog, see Share data using the Delta Sharing Databricks-to-Databricks protocol. If you are a data recipient (a user or group of users with whom Databricks data is being shared), see Access data shared with you using Delta Sharing.
For an introduction to Delta Sharing and a comparison of open sharing with Databricks-to-Databricks sharing, see Share data securely using Delta Sharing.
This section provides a high-level overview of the open sharing workflow, with links to detailed documentation for each step.
In the Delta Sharing open sharing model:
The data provider creates a recipient, which is a named object that represents a user or group of users that the data provider wants to share data with.
When the data provider creates the recipient, Databricks generates a token, a credential file that includes the token, and an activation link that the data provider can send to the recipient to access the credential file.
For details, see Step 1: Create the recipient.
The data provider creates a share, which is a named object that contains a collection of tables registered in a Unity Catalog metastore in the provider’s account.
For details, see Create and manage shares for Delta Sharing.
The data provider grants the recipient access to the share.
For details, see Grant and manage access to Delta Sharing data shares.
The data provider sends the activation link to the recipient over a secure channel, along with instructions for using the activation link to download the credential file that the recipient will use to establish a secure connection with the data provider to receive the shared data.
For details, see Step 2: Get the activation link.
The data recipient follows the activation link to download the credential file, and then uses the credential file to access the shared data.
Shared data is available to read only. Users can access data using their platform or tools of choice.
For details, see Read data shared using Databricks-to-Databricks Delta Sharing.
Good token management is key to sharing data securely when you use the open sharing model:
Data providers who intend to use open sharing must configure the default recipient token lifetime when they enable Delta Sharing for their Unity Catalog metastore. Databricks recommends that you configure tokens to expire. See Enable Delta Sharing on a metastore.
If you need to modify the default token lifetime, see Modify the recipient token lifetime.
Encourage recipients to manage their downloaded credential file securely.
For more information about token management and open sharing security, see Manage recipient tokens (open sharing).
Data providers can provide additional security by assigning IP access lists to restrict recipient access to specific network locations. See Use IP access lists to restrict Delta Sharing recipient access (open sharing).