Configure Scratch Paths
If the database or table is created in the legacy metastore (hive_metastore), you don't need a storage
credential or an external location, but the cluster will need the correct credentials configured if the path is
in remote storage.
Immuta's support for scratch paths in Unity Catalog works with external locations.
- Configure external locations for your scratch paths.
- Grant those locations to the metastore administrator user being used to connect Immuta.
The following example creates an external location using the preconfigured storage credential and
configures the grants for a metastore admin:
GRANT CREATE TABLE, READ FILES, WRITE FILES ON STORAGE CREDENTIAL `cred` TO `email@example.com`;
-- The URL is a string literal (single quotes); backticks are only for identifiers.
CREATE EXTERNAL LOCATION `location` URL 's3://location/name' WITH (STORAGE CREDENTIAL `cred`);
GRANT CREATE TABLE, READ FILES, WRITE FILES ON EXTERNAL LOCATION `location` TO `firstname.lastname@example.org`;
Immuta requires the database location to be specified in the create database call on an Immuta-enabled cluster so that Immuta can validate that the read or write is permitted. For example:
CREATE DATABASE mydb LOCATION 's3://bucket/path/mydb';
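
A pre-flight check for SQL scripts, added here as an example (it is not Immuta's validation logic): it flags any CREATE DATABASE statement that omits LOCATION or points outside the configured scratch paths. The scratch path list, the sample script and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed values: one scratch path and a script to check against it.
SCRATCH_PATHS = ["s3://bucket/path"]
SAMPLE_SQL = """
CREATE DATABASE mydb LOCATION 's3://bucket/path/mydb';
CREATE DATABASE IF NOT EXISTS tmp;
CREATE DATABASE other LOCATION 's3://bucket/path-other/db';
CREATE SCHEMA up LOCATION 's3://bucket/path/../elsewhere';
"""

_CREATE_DB = re.compile(
    r"CREATE\s+(?:DATABASE|SCHEMA)\s+(?:IF\s+NOT\s+EXISTS\s+)?"
    r"`?(?P<name>[\w.]+)`?(?P<rest>[^;]*)", re.IGNORECASE)
_LOCATION = re.compile(r"\bLOCATION\s+'(?P<url>[^']*)'", re.IGNORECASE)


def _parts(url):
    """Split a storage URL into (scheme, bucket or authority, path segments)."""
    u = urlsplit(url)
    return u.scheme.lower(), u.netloc, [s for s in u.path.split("/") if s]


def under_scratch_path(url, scratch_paths=SCRATCH_PATHS):
    """True when url equals, or is nested below, one of the scratch paths."""
    scheme, bucket, segs = _parts(url)
    if ".." in segs or "." in segs:  # never trust traversal segments
        return False
    for base in scratch_paths:
        b_scheme, b_bucket, b_segs = _parts(base)
        # Compare whole segments so "path-other" does not match "path".
        if (scheme, bucket) == (b_scheme, b_bucket) and segs[:len(b_segs)] == b_segs:
            return True
    return False


def check_script(sql, scratch_paths=SCRATCH_PATHS):
    """Return (database, problem) for each CREATE DATABASE failing this check."""
    findings = []
    for m in _CREATE_DB.finditer(sql):
        loc = _LOCATION.search(m.group("rest"))
        if loc is None:
            findings.append((m.group("name"), "no LOCATION clause"))
        elif not under_scratch_path(loc.group("url"), scratch_paths):
            findings.append((m.group("name"), "LOCATION outside scratch paths"))
    return findings


if __name__ == "__main__":
    for name, problem in check_script(SAMPLE_SQL):
        print(f"{name}: {problem}")
```

Comparing whole path segments rather than raw string prefixes is what keeps a sibling prefix such as `s3://bucket/path-other` from passing as a child of `s3://bucket/path`.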