Unity Catalog Preview

Unity Catalog provides a metastore for Delta tables within the Databricks ecosystem, and Dremio supports these Delta Lake Universal Format (UniForm) tables in Unity Catalog as a Dremio data source.

UniForm Iceberg

UniForm is an Iceberg metadata layer that provides a read-only interoperability layer for Iceberg clients. To query Delta tables, you must use UniForm to read Delta tables with Iceberg clients. For guidance, see Enable UniForm Iceberg in the Databricks documentation. The minReaderVersion of UniForm required is 2, as noted in Features by protocol version.

For the limitations of UniForm tables, see Limitations in the Databricks documentation.

Configuring Unity Catalog as a Source

To add a Unity Catalog source:

1. On the Datasets page, to the right of Sources in the left panel, click .

2. In the Add Data Source dialog, under Metastores, select Unity Catalog.

   The New Unity Catalog dialog box appears, which contains the following tabs:

   • General: Create a name for your Unity Catalog source, specify the endpoint URI and Unity Catalog, and set the authentication.

   • Advanced Options: Use catalog properties and credentials to set up storage authentication and authorization.

   • Reflection Refresh: (Optional) Set a policy to control how often reflections are refreshed and expired.

   • Metadata: (Optional) Specify dataset handling and metadata refresh.

   • Privileges: (Optional) Add privileges for users or roles.

   Refer to the following sections for guidance on how to edit each tab.

General

To configure the source connection:

1. For Name, enter a name for the source.

   note

   The name you enter must be unique in the organization. Also, consider a name that is easy for users to reference. This name cannot be edited once the source is created. The name cannot exceed 255 characters and must contain only the following characters: 0-9, A-Z, a-z, underscore(_), or hyphen (-)

2. For Unity Catalog, enter the catalog name.

3. For Endpoint URI, specify the catalog service URI. For more information on how to find your Unity Catalog URI, see Read using the Unity Catalog Iceberg catalog endpoint for more details.

4. Under Authentication, choose a method for providing the Unity Catalog password from the dropdown menu:

   • Dremio: Provide the Unity Catalog password in plain text. Dremio stores the password.

   • Azure Key Vault: Provide the URI for the Azure Key Vault secret that stores the Unity Catalog password. The URI format is https://<vault_name>.vault.azure.net/secrets/<secret_name> (for example, https://myvault.vault.azure.net/secrets/mysecret).

     note

     To use Azure Key Vault as your application secret store, you must:
     - Deploy Dremio on Azure.
     - Complete the Requirements for Authenticating with Azure Key Vault.

     It is not necessary to restart the Dremio coordinator when you rotate secrets stored in Azure Key Vault. Read Requirements for Secrets Rotation for more information.

   • AWS Secrets Manager: Provide the Amazon Resource Name (ARN) for the AWS Secrets Manager secret that holds the Unity Catalog password, which is available in the AWS web console or using command line tools.

   • HashiCorp Vault: Choose the HashiCorp secrets engine you're using from the dropdown menu and enter the secret reference for the Unity Catalog password in the correct format in the provided field.

   Then provide a Databricks Personal Access Token (PAT). Depending on your deployment, choose from the following options:

   • AWS-based Unity deployment: See Databricks personal access tokens for service principals to create a PAT.

   • Azure Databricks-based Unity deployment: See Azure Databricks personal access tokens for service principals to create a PAT.

5. (Optional) For Allowed Namespaces, add each namespace and check the option if you want to include their whole subtrees. Tables are organized into namespaces, which can be at the top level or nested within one another. Namespace names cannot contain periods or spaces.

Advanced Options

To set the advanced options:

1. (Optional) For Enable Asynchronous Access for Parquet Datasets, this option is enabled by default but you can uncheck the box to deactivate. Dremio enables asynchronous access and local caching when possible so that asynchronous requests do not wait for data to return from your storage. Activating this option can enable faster query times.

2. For Catalog Properties and Catalog Credentials, you must manually provide the storage authentication instead of using vended credentials in this preview version of Unity Catalog.

   Dremio supports Amazon S3 and Azure Storage as object storage services. For acceptable storage authentication configurations, see the following catalog properties and credentials for each service option.

   Amazon S3 Access Key

   Type	Name	Value	Description
   property	fs.s3a.aws.credentials.provider	org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider	Required field for a Unity Catalog source
   credential	fs.s3a.access.key	<your_access_key>	AWS access key ID used by S3A file system. Omit for IAM role-based or provider-based authentication
   credential	fs.s3a.secret.key	<your_secret_key>	AWS access key used by S3A file system. Omit for IAM role-based or provider-based authentication

   Amazon S3 Assumed Role

   Type	Name	Value	Description
   property	fs.s3a.assumed.role.arn	arn:aws:iam::*******:role/OrganizationAccountAccessRole	AWS ARN for the role to be assumed
   property	fs.s3a.aws.credentials.provider	com.dremio.plugins.s3.store.STSCredentialProviderV1	Required field for a Unity Catalog source
   property	fs.s3a.assumed.role.credentials.provider	org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider	Use only if the credential provider is AssumedRoleCredentialProvider; lists credential providers to authenticate with the STS endpoint and retrieve short-lived role credentials

   Azure Storage Shared Key

   Type	Name	Value	Description
   credential	fs.azure.account.key	<your_account_key>	Storage account key

3. Under Cache Options, review the following table and edit the options to meet your needs.

   Cache Options	Description
   Enable local caching when possible	Selected by default, along with asynchronous access for cloud caching. Uncheck the checkbox to disable this option. For more information about local caching, see Columnar Cloud Cache.
   Max percent of total available cache space to use when possible	Specifies the disk quota, as a percentage, that a source can use on any single executor node only when local caching is enabled. The default is 100 percent of the total disk space available on the mount point provided for caching. You can either manually enter in a percentage in the value field or use the arrows to the far right to adjust the percentage.

Reflection Refresh

You can set the policy that controls how often reflections are scheduled to be refreshed automatically, as well as the time limit after which reflections expire and are removed. See the following options.

Option	Description
Never refresh	Select to prevent automatic reflection refresh, default is to automatically refresh.
Refresh every	How often to refresh reflections, specified in hours, days or weeks. This option is ignored if Never refresh is selected.
Set refresh schedule	Specify the daily or weekly schedule.
Never expire	Select to prevent reflections from expiring, default is to automatically expire after the time limit below.
Expire after	The time limit after which reflections expire and are removed from Dremio, specified in hours, days or weeks. This option is ignored if Never expire is selected.

Metadata

Specifying metadata options is handled with the following settings.

Dataset Handling

• Remove dataset definitions if underlying data is unavailable (Default).
• If this box is not checked and the underlying files under a folder are removed or the folder/source is not accessible, Dremio does not remove the dataset definitions. This option is useful in cases when files are temporarily deleted and put back in place with new sets of files.

Metadata Refresh

These are the optional Metadata Refresh parameters:

• Dataset Discovery: The refresh interval for fetching top-level source object names such as databases and tables. Set the time interval using this parameter.

  Parameter	Description
  Fetch every	You can choose to set the frequency to fetch object names in minutes, hours, days, or weeks. The default frequency to fetch object names is 1 hour.

• Dataset Details: The metadata that Dremio needs for query planning such as information needed for fields, types, shards, statistics, and locality. These are the parameters to fetch the dataset information.

  Parameter	Description
  Fetch mode	You can choose to fetch only from queried datasets. Dremio updates details for previously queried objects in a source. By default, this is set to Only Queried Datasets.
  Fetch every	You can choose to set the frequency to fetch dataset details in minutes, hours, days, or weeks. The default frequency to fetch dataset details is 1 hour.
  Expire after	You can choose to set the expiry time of dataset details in minutes, hours, days, or weeks. The default expiry time of dataset details is 3 hours.

Privileges

You have the option to grant privileges to specific users or roles. See Access Controls for additional information about privileges.

To grant access to a user or role:

1. For Privileges, enter the user name or role name that you want to grant access to and click the Add to Privileges button. The added user or role is displayed in the USERS/ROLES table.

2. For the users or roles in the USERS/ROLES table, toggle the checkmark for each privilege you want to grant on the Dremio source that is being created.

3. Click Save after setting the configuration.

Updating a Unity Catalog Source

To update a Unity Catalog source:

1. On the Datasets page, under Metastores in the panel on the left, find the name of the source you want to edit.

2. Right-click the source name and select Settings from the list of actions. Alternatively, click the source name and then the at the top right corner of the page.

3. In the Source Settings dialog, edit the settings you wish to update. Dremio does not support updating the source name. For information about the settings options, see Configuring Unity Catalog as a Source.

4. Click Save.

Deleting a Unity Catalog Source

note

If the source is in a bad state (for example, Dremio cannot authenticate to the source or the source is otherwise unavailable), only users who belong to the ADMIN role can delete the source.

To delete a Unity Catalog source:

1. On the Datasets page, click Sources > Metastores in the panel on the left.

2. In the list of data sources, hover over the name of the source you want to remove and right-click.

3. From the list of actions, click Delete.

4. In the Delete Source dialog, click Delete to confirm that you want to remove the source.

note

Deleting a source causes all downstream views that depend on objects in the source to break.