Restricting sensitive data in the workspace

Store your data in a way that makes permissions management easier.

Written by david.vega

Last published at: September 12th, 2024

Problem

You want to restrict workspace users from accessing specific data. For example, you have sensitive data that you do not want everyone to be able to access or modify.

Cause

The DBFS root is accessible to all users and does not support access control. You should not save sensitive data on DBFS.

For more information, review the Recommendations for working with DBFS root (AWSAzureGCP) documentation.

Solution

Unity Catalog

If your workspace is using Unity Catalog, you should store your data in Unity Catalog volumes (AWSAzureGCP).

You can use SQL or the workspace UI to manage file permissions.

Workspace Files

If your workspace is not Unity Catalog enabled, you should store your data as workspace files (AWSAzureGCP). Access to workspace files can be managed with access control lists (AWSAzureGCP).

For more information, review the Recommendations for files in volumes and workspace files (AWSAzureGCP) documentation.