Unity Catalog & Access Control
Manage data assets, permissions, and ownership across your lakehouse with NATIS Unity Catalog.
Unity Catalog is the unified governance layer in NATIS that provides a three-level namespace (Catalog → Schema → Table/View), fine-grained access control (column-level security), data lineage, and centralized auditing — all managed through SQL GRANT/REVOKE or the Admin UI.
Namespace Structure
- Catalog — Top-level container (e.g., production, staging, analytics). Maps to a storage location.
- Schema (Database) — Logical grouping within a catalog (e.g., raw, silver, gold, ml_features).
- Table / View — Individual data assets. Tables store data; views are SQL-defined virtual tables.
- Volume — Non-tabular file storage within the catalog namespace (for PDFs, images, raw files).
- Function / Model — Registered SQL functions and ML models treated as first-class catalog assets.
Granting Permissions
```sql
-- Grant SELECT on a schema to a team group
GRANT USAGE ON CATALOG production TO GROUP data_analysts;
GRANT USAGE ON SCHEMA production.gold TO GROUP data_analysts;
GRANT SELECT ON ALL TABLES IN SCHEMA production.gold TO GROUP data_analysts;

-- Grant column-level access (mask sensitive columns)
GRANT SELECT (customer_id, order_date, amount, region)
ON TABLE production.gold.sales_transactions
TO GROUP regional_managers;

-- Create a row-level security filter
CREATE ROW FILTER sales_region_filter
ON TABLE production.gold.sales_transactions
USING (region = current_user_region());

-- Revoke access
REVOKE SELECT ON TABLE production.raw.pii_customers FROM USER contractor@example.com;

-- View effective permissions
SHOW GRANTS ON TABLE production.gold.sales_transactions;
```
Data Classification
| Classification | Description | Default Access |
| --- | --- | --- |
| PUBLIC | No sensitive data, safe for broad access | All authenticated users |
| INTERNAL | Internal business data, limited sharing | Teams with explicit grant |
| CONFIDENTIAL | Sensitive business data (financial, strategic) | Named users/groups only |
| PII | Personally Identifiable Information | Restricted; masking applied by default |
| TOP_SECRET | Highly regulated (e.g., banking, medical) | Individual user grants + audit log |
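
An added example, not NATIS code: a Python check that reads GRANT statements in the forms shown under Granting Permissions and flags SELECT grants broader than the Default Access column allows. The table-to-classification mapping, the sample grants, and the two rules (no group grants on TOP_SECRET; PII and TOP_SECRET must not be reached through ALL TABLES IN SCHEMA) are assumptions made for illustration.

```python
import re

# Constructed mapping of tables to classification labels (assumption for this example).
CLASSIFICATION = {
    "production.gold.sales_transactions": "CONFIDENTIAL",
    "production.gold.loan_ledger": "TOP_SECRET",
    "production.gold.store_hours": "PUBLIC",
    "production.raw.pii_customers": "PII",
}

# Constructed grants, written in the statement forms shown on this page.
SAMPLE_GRANTS = """
-- broad analyst access
GRANT SELECT ON ALL TABLES IN SCHEMA production.gold TO GROUP data_analysts;
GRANT SELECT (customer_id, order_date, amount, region)
ON TABLE production.gold.sales_transactions
TO GROUP regional_managers;
GRANT SELECT ON ALL TABLES IN SCHEMA production.raw TO GROUP data_engineers;
GRANT SELECT ON TABLE production.gold.loan_ledger TO GROUP risk_team;
GRANT SELECT ON TABLE production.gold.loan_ledger TO USER auditor@example.com;
"""

GRANT_RE = re.compile(
    r"GRANT\s+SELECT\s*(?:\([^)]*\))?\s+ON\s+"
    r"(?:(?P<all>ALL\s+TABLES\s+IN\s+SCHEMA)|TABLE)\s+(?P<obj>[\w.]+)\s+"
    r"TO\s+(?P<kind>GROUP|USER)\s+(?P<who>[^\s;]+)",
    re.IGNORECASE,
)

def audit_grants(sql, classification=CLASSIFICATION):
    """Return (principal, table, reason) for each over-broad SELECT grant."""
    findings = []
    sql = re.sub(r"--[^\n]*", "", sql)  # drop SQL line comments first
    for m in GRANT_RE.finditer(sql):
        obj = m["obj"].lower()
        # A schema-wide grant reaches every classified table in that schema.
        tables = [t for t in classification if t.startswith(obj + ".")] if m["all"] else [obj]
        for table in tables:
            label = classification.get(table, "UNCLASSIFIED")
            if label == "TOP_SECRET" and m["kind"].upper() == "GROUP":
                reason = "TOP_SECRET granted to a group"
            elif label in ("PII", "TOP_SECRET") and m["all"]:
                reason = f"{label} reached by schema-wide grant"
            else:
                continue
            findings.append((m["who"], table, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print(finding)
```

The first sample grant is the case worth noticing: a schema-wide SELECT written for ordinary gold tables also covers the TOP_SECRET table that lives in the same schema.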