Architecture improvements and updates for Databricks Unity Catalog integration
Immuta has updated the back-end architecture supporting the Databricks Unity Catalog integration, and this update will be released to Unity Catalog customers over the coming weeks. The new architecture will help customers get improved performance at a higher scale through more efficient operations between Immuta and Databricks. These are largely back-end updates to improve performance and efficiency.
In addition to the architectural updates, there are several user-facing changes included with this release:
🎯 Updates to manual policy resync behavior: The data policy resync option in the data source health checks will be updated to resync data policies as well as subscription policies for Unity Catalog data sources. If there is any policy failure on a data source, you can manually trigger a resync through the health check, which will run for both subscription and data policies. Read more about this in the documentation.
📝 Subscription logic updates: Part of the architecture updates include improvements to Immuta's subscription logic that allow Immuta to be fully additive to existing Databricks grants. Previously, Immuta would take over all grants on a data source, meaning users were revoked if they were not explicitly granted access through an Immuta subscription policy. Now, Immuta-managed grants and Databricks-managed grants will coexist harmoniously. Read more about this in the documentation.
❌ Catalog and schema revokes: By default, Immuta will revoke Immuta users' USE CATALOG and USE SCHEMA privileges if they do not have access to any underlying securable within that catalog/schema. If users have any Immuta or Databricks-managed grants to a securable, Immuta will not revoke that catalog/schema access. You can update this default behavior to not revoke catalog/schema access at all. Read more about this in the documentation.
✅ Databricks integrations fully managed through connections: For all actions related to editing and managing Databricks integrations, users must go through connections. Databricks integrations will no longer be present in Immuta's integrations app settings page.
🔎 Deprecating integration error banners: Immuta will no longer show the integration error banners when an integration validation is failing. Those error messages will be migrated to a new user experience through Immuta connections.
👉 New Immuta schemas: Immuta will create new immuta_policies schemas in your Databricks environments and manage all policies through the new schemas. The original policy schemas will still be present in your Unity Catalog environment, but Immuta will no longer use those.
