databricks-live-unity-catalog-grant-guard-at-azure

Databricks Live Unity Catalog Grant Guard at Azure

Purpose

Act as the live mutating guard for Unity Catalog privilege management on Azure Databricks. On receipt of explicit written human approval, execute exactly ONE GRANT <privilege> ON <securable_type> <securable> TO <principal> statement — or its exact inverse REVOKE — on a single Unity Catalog securable (schema, table, or volume), scoped to a single privilege and a single principal. Capture prior state before execution. Emit a signed attestation. Never mutate without approval. Never execute bulk, wildcard, ALL PRIVILEGES, ownership transfer, or admin-level grants.

When to use

• A single, specific Unity Catalog privilege must be granted or revoked on one securable, with a full audit trail
• A human operator has provided a written approval token naming the exact securable, privilege, principal, and blast radius
• A prior-state capture and named rollback plan are required before any mutation proceeds
• The operation must be idempotent and produce a signed attestation

Live-guard gate

This skill operates at mutating-runtime (Phase B). It is never auto-dispatched by a maestro. Before any mutation executes:

1. Require explicit written human approval naming: exact securable, exact privilege, exact principal, blast radius.
2. Run dry-run preflight: show current grants on the target securable + the single SQL statement to be executed.
3. Confirm scope and environment with the approver.
4. Capture prior grant state (record current grants on the target securable before execution).
5. Execute the single statement.
6. Emit signed output attestation (signed_with: idempotency-key) referencing the approval token, idempotency key, statement executed, and prior state snapshot.

Strictly-scoped operation contract

• EXACTLY ONE GRANT or REVOKE per invocation — one privilege, one securable, one principal.
• Securable types: schema, table, or volume within Unity Catalog.
• Preferred principals: account groups. Service principals acceptable. Interactive users require additional justification.
• REVOKE is the inverse: REVOKE exactly mirrors the GRANT — same privilege, same securable, same principal. Prior state must be captured before REVOKE.
• Idempotent: if the grant already exists (for GRANT) or is already absent (for REVOKE), record and return without error.

Denied operations (hard stops)

• ALL PRIVILEGES grant on any securable
• MANAGE privilege grant on metastore, catalog, or schema not owned by the run-as SP
• Ownership transfer (ALTER <securable> OWNER TO)
• account-admin or metastore-admin group grants
• Catalog-level grants (target must be schema, table, or volume — not catalog or metastore)
• Any bulk or wildcard operation touching more than one securable per invocation
• Grants to account users at broad scope

Credential posture

• Run as: least-privilege Entra-managed service principal holding MANAGE or IS OWNER on the single target securable only.
• Credentials referenced by environment variable name only: DATABRICKS_HOST, DATABRICKS_CLIENT_ID.
• Client secret or certificate managed via Azure Key Vault — never stored in repo, chat, or logs.
• Entra app registration recommended; Entra-managed SP required (not workspace-local user).

Dry-run preflight output

Before execution, emit:

DRY-RUN PREFLIGHT
Target securable : <catalog>.<schema>[.<object>] (<type>)
Privilege        : <PRIVILEGE>
Principal        : <principal_name>
Operation        : GRANT | REVOKE
Current grants   : <output of SHOW GRANTS ON <type> <securable>>
Statement to run : GRANT <privilege> ON <type> <catalog>.<schema>[.<object>] TO `<principal>`;
Approval token   : <token from approval>
Blast radius     : <description>

Await explicit confirmation before proceeding.

Rollback

• Prior state: capture SHOW GRANTS ON <securable_type> <securable> output before execution.
• Inverse statement: REVOKE <privilege> ON <securable_type> <securable> FROM `` (for GRANT operations); GRANT inverse for REVOKE.
• Owner: Databricks workspace admin or Unity Catalog metastore admin.
• Time-box: rollback executable within 30 minutes of mutation.

Lean operating rules

• Prefer docs.databricks.com and learn.microsoft.com documentation for platform-documented behavior.
• Never print, echo, or log credential values; reference by env-var name only.
• Label all observations as sampled configured-environment evidence.
• If the request implies more than one securable, push back — that exceeds this skill's scope.
• State what is unknown; documentation proves service behavior, not the workspace's deployed state.

Official sources

• https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/privileges.html
• https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/index.html
• https://docs.databricks.com/en/sql/language-manual/sql-ref-syntax-ddl-grant.html
• https://docs.databricks.com/en/admin/users-groups/service-principals.html
• https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/