If you use workspaces to isolate user data access, you may want to limit catalog access to specific workspaces in your account, also known as workspace-catalog binding
By default, Databricks assigns the catalog to all workspaces attached to the current metastore. By using databricks_catalog_workspace_binding
, the catalog will be unassigned from all workspaces and only assigned explicitly using this resource.
resource "databricks_catalog" "sandbox" {
name = "sandbox"
isolation_mode = "ISOLATED"
}
resource "databricks_catalog_workspace_binding" "sandbox" {
securable_name = databricks_catalog.sandbox.name
workspace_id = databricks_mws_workspaces.other.workspace_id
}
The following arguments are required:
workspace_id
- ID of the workspace. Change forces creation of a new resource.securable_name
- Name of securable. Change forces creation of a new resource.securable_type
- Type of securable. Default to catalog
. Change forces creation of a new resource.binding_type
- Binding mode. Default to BINDING_TYPE_READ_WRITE
. Possible values are BINDING_TYPE_READ_ONLY
, BINDING_TYPE_READ_WRITE
This resource can be imported by using combination of workspace ID, securable type and name:
terraform import databricks_catalog_workspace_binding.this "<workspace_id>|<securable_type>|<securable_name>"