UNITY CATALOG 中基于属性的访问控制 - 构建可扩展的访问管理框架.pdf

1、2024 Databricks Inc.All rights reservedATTRIBUTE BASED ATTRIBUTE BASED ACCESS CONTROLACCESS CONTROLKristen Wilder,Zeashan PappaBuilding a scalable access management frameworkMeet our presenters23+years of experience as an engineer and architect6 years of experience building with Databricks10 years o

2、f experience building scalable platforms and companiesProduct manager working on catalog,governance,security productsProduct manager at Databricks focused on discovery and governance experiences4+years of experience across product management and FE engineering3 years specializing on improving Govern

3、ance and Data Access ManagementZeashan PappaKristen WilderThis information is provided to outline Databricks general product direction and is for informational purposes only.Customers who purchase Databricks services should make their purchase decisions relying solely upon services,features,and func

4、tions that are currently available.Unreleased features or functionality described in forward-looking statements are subject to change at Databricks discretion and may not be delivered as planned or at allProduct safe harbor statement2024 Databricks Inc.All rights reserved1.ABAC Overview2.Fundamental

5、s3.Story&Demo4.Anatomy of a rule5.Use Cases6.Q/A5Agenda2024 Databricks Inc.All rights reservedAttribute Based Access ControlABAC allows access control to be conditional based on broader properties of the user,resource,and the request.-Builds on top of and coexists with the current UC security model,

6、including all privileges-Use row level filters and column level masking for fine grained access control-Governs data,AI,&filesystems6ABAC Overview2024 Databricks Inc.All rights reservedHigh Leverage Governance with ABACGovern Data&AI at scaleRulesExpress rules and enforce policy AttributesTags&attri