Databricks

  • Updated on Jul 21, 2025
  • Published on Jun 29, 2025
  • 2 minute(s) read
Prev Next

This Authorizer supports the SaaS Authorization Management pattern. For more details, see the SaaS Authorization Management documentation.

SaaS Authorization Management provides out-of-the-box support for leading vendors such as Databricks. The Platform enables centralized policy management while supporting distributed deployment across an organization’s technology stack.

Integration is achieved through Policy Orchestration, which connects to SaaS vendors using their native APIs. This setup allows PlainID to discover, manage, and synchronize Authorization Policies across systems while leveraging vendor-specific capabilities.

Databricks Overview

Databricks is a cloud-based, unified analytics and AI platform. It enables organizations to process large-scale data using multiple programming languages (e.g., Python, SQL, R).

Databricks includes Unity Catalog, which is a centralized data catalog for all objects within Databricks. PlainID supports Policy Orchestration for Databricks only through the usage of Unit Catalog.

Through integration with PlainID, organizations can:

  • Manage Databricks functions through business-driven Policies that enforce row-level filtering and column-level masking.
  • Gain centralized visibility and control over row-level access and data masking across Databricks schemas.
  • Detect and flag policy drift across Databricks environments to support consistent lifecycle and compliance management.

Databricks Authorization Model

Databricks Authorization Model

Flow Description
In Unity Catalog, access to a securable object (e.g., Table or View) is evaluated through two key mechanisms:

  • Privilege Assignment to Groups

    • Access is granted when the requesting user or service principal belongs to a group with the required SELECT privilege on the securable object, or on a higher-level container such as a schema or catalog.

  • Policy Enforcement

    • If row-level or column-level Policies are defined, access is further refined based on the logic embedded in those functions. These Policies dynamically filter rows or mask columns depending on the user’s attributes, group membership, or session context.

Databricks Policies

PlainID enables the use of Databricks Functions to enforce fine-grained, dynamic access policies Databricks Functions are scalar SQL expressions used to enforce data security policies through column masking and row-level filtering based on user context.

Row Filter Functions

Row filters enforce row-level access control by evaluating whether each row in a table should be visible to the querying user. This provides fine-grained access control, ensuring users only see data they’re authorized to view. Row filters return a Boolean value:

  • TRUE — include the row in query results.
  • FALSE — exclude the row from query results.

Column Mask Functions

Column masking enforce column-level data protection by applying a masking function at query execution. The function replaces each reference to the target column with either the original or a masked value, based on the querying user’s identity or attributes context. Masking ensures privacy and compliance by showing masked values to unauthorized users while preserving access for those permitted.

For details on implementing these policies, see Data Access Policies.