Unity Catalog · Attribute-Based Access Control

Fine-Grained Access Control
With Databricks ABAC

A hands-on series covering row filtering, column masking, and tag-driven data governance using Unity Catalog's Attribute-Based Access Control.

3 Tutorials

5+ Patterns

HIPAA Compliant Examples

PCI-DSS Compliant Examples

🏷️

Tag-Driven Policies

Policies auto-apply to any column tagged with governed tags — no per-table configuration needed.

👥

Group-Based Access

Grant or exempt account groups from policies using TO and EXCEPT clauses.

🔒

Schema-Level Scope

One policy covers all current and future tables in a schema that match the tag condition.

⚡

Zero-ETL Security

No data copies or duplicated tables. Masking and filtering happen at query time.

Tutorial 01 Row Filtering ROW FILTER

Row Filtering Patterns with ABAC

Learn how to filter table rows based on user group membership and governed tags. Covers regional access control, healthcare time-based filters, emergency overrides, and fraud detection patterns for financial services.

Regional Access Healthcare Fraud Detection PCI-DSS

→

Tutorial 02 Column Masking COLUMN MASK

Column Masking Strategies with ABAC

Master six column masking techniques — from simple redaction and partial reveal to SHA2 pseudonymization, VARIANT masking, STRUCT masking, and combining multiple policies for PCI-DSS and HIPAA compliance.

PII Redaction SHA2 Pseudonymization PCI-DSS HIPAA

→

Tutorial 03 Multi-Domain Governance 2D TAGGING

Multi-Domain Data Governance with ABAC

Scale ABAC across multiple business domains using a 2D tagging strategy — domain × sensitivity. Covers HR, Finance, and Telco domains with 6-policy matrices, CPNI compliance, and the critical rule about row filter column tagging.

Domain × Sensitivity Multi-Domain Policies CPNI Telco

→

Fine-Grained Access Control With Databricks ABAC