Skip to content

You are viewing documentation for Immuta version 2023.4.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Configure Scratch Paths

Legacy Metastore

If the database or table is created in the legacy metastore (hive_metastore), you don't need a storage credential or an external location, but the cluster will need the correct credentials configured if the path is in remote storage.

Immuta's support for scratch paths in Unity Catalog works with external locations.

  1. Configure external locations for your scratch paths.
  2. Grant those locations to the metastore administrator user being used to connect Immuta.

The following example shows creating external locations using the preconfigured storage credential cred that configures the grants for a metastore admin admin@company.com:

GRANT CREATE TABLE, READ FILES, WRITE FILES ON STORAGE CREDENTIAL `cred` TO `admin@company.com`;
CREATE EXTERNAL LOCATION `location` URL `s3://location/name` WITH STORAGE CREDENTIAL `cred`;
GRANT CREATE TABLE, READ FILES, WRITE FILES ON EXTERNAL LOCATION `location` TO `admin@company.com`;

Immuta requires the database location to be specified in the create database call on an Immuta-enabled cluster so that Immuta can validate the read or write is permitted. For example,

CREATE DATABASE mydb LOCATION 's3://bucket/path/mydb';