Configure Scratch Paths

Legacy Metastore

If the database or table is created in the legacy metastore (hive_metastore), you don't need a storage credential or an external location, but the cluster will need the correct credentials configured if the path is in remote storage.

Immuta's support for scratch paths in Unity Catalog works with external locations.

  1. Grant those locations to the metastore administrator user being used to connect Immuta.

The following example shows creating external locations using the preconfigured storage credential cred that configures the grants for a metastore admin admin@company.com:

GRANT CREATE TABLE, READ FILES, WRITE FILES ON STORAGE CREDENTIAL `cred` TO `admin@company.com`;
CREATE EXTERNAL LOCATION `location` URL `s3://location/name` WITH STORAGE CREDENTIAL `cred`;
GRANT CREATE TABLE, READ FILES, WRITE FILES ON EXTERNAL LOCATION `location` TO `admin@company.com`;

Immuta requires the database location to be specified in the create database call on an Immuta-enabled cluster so that Immuta can validate the read or write is permitted. For example,

CREATE DATABASE mydb LOCATION 's3://bucket/path/mydb';

Last updated

Other versions

SaaS2024.32024.2

Copyright © 2014-2024 Immuta Inc. All rights reserved.