Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Configure Network Connectivity

Open the outbound TCP port 443 to Databricks on Google Cloud server.

The driver for Databricks on Google Cloud is compiled with the connector and does not require installation. To know the available driver version for Databricks on Google Cloud for your Alation version, see Support Matrix.

Create a Service Account

In Databricks on Google Cloud , create a service account for Alation. Refer to Manage Users <> .

Grant Required Permissions

The service account must have the following permissions to perform MDE and profiling:

  • Enable Hive Metastore. Hive Metastore is the default Databricks connection catalog.


    If you haven’t enabled Hive Metastore, you must include the ConnCatalog and ConnSchema parameters into the connection JDBC URI:

    • ConnCatalog - Specifies the catalog which contains the metadata schema.

    • ConnSchema - Specifies the schema inside the catalog in which metadata is stored.

    Example: ConnCatalog=en_dlake_cat;ConnSchema=data_governance;

  • Can Attach permission to connect to the cluster. For more details, refer to Create Cluster in Databricks on Google Cloud documentation.

  • Optionally, Can Restart permission to automatically trigger the cluster to start if its state is terminated while connecting.

  • Workspace access — Refer to Required Permissions - Workspace.

  • Cluster-level access - Refer to Cluster access control.

By default, all cluster users have access to all data stored in a cluster’s managed tables unless table access control is enabled for that cluster. The table access control option is only available for high-concurrency clusters. Refer to Table Access Control for more information.

If the Table Access Control option is enabled on the cluster:

  • Grant the SELECT privilege on all schemas and all their tables and views in a catalog.

    GRANT USAGE ON CATALOG <catalog-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON CATALOG <catalog-name> TO `<user>@<domain-name>`;
  • Grant the SELECT privilege on a specific schema and all its tables and views.

    GRANT USAGE ON SCHEMA <schema-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON SCHEMA <schema-name> TO `<user>@<domain-name>`;
  • Grant the SELECT privilege on specific tables and views in a schema.

    GRANT USAGE ON SCHEMA <schema-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON TABLE <schema-name>.<table-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON VIEW <schema-name>.<view-name> TO `<user>@<domain-name>`;

Refer to Data object privileges for more information.