# Register a Databricks Unity Catalog Host

{% hint style="info" %}
This feature is being gradually rolled out to customers and may not be available to your account yet.
{% endhint %}

## Requirement

No Databricks Unity Catalog integration may already be configured in Immuta. If your Databricks Unity Catalog integration is already configured on the app settings page, register your data sources using the [legacy method](/saas/~/changes/l3NnvynMHxi6VvqRtJhK/data-and-integrations/registering-metadata/register-data-sources/databricks-tutorial.md) instead.

## Permissions

Several different accounts are used to set up and maintain the Databricks Unity Catalog integration. The permissions required for each are outlined below.

* **Immuta account (required)**: This user configures the integration and registers the host. This user needs the following permission:
  * `CREATE_DATA_SOURCE` Immuta permission
* **Databricks service principal (required)**: This service principal is used continuously by Immuta to orchestrate Unity Catalog policies and maintain state between Immuta and Databricks. This service principal needs the following Databricks privileges:
  * `OWNER` permission on the **Immuta catalog** you configure.
  * `OWNER` privilege **on one of the securables below** so that Immuta can administer Unity Catalog row-level and column-level security controls.
    * **on catalogs** with schemas and tables registered as Immuta data sources. This permission could also be applied by granting `OWNER` on a catalog to a Databricks group that includes the Immuta service principal to allow for multiple owners.
    * **on schemas** with tables registered as Immuta data sources.
    * **on all tables** registered as Immuta data sources, if the `OWNER` permission cannot be applied at the catalog or schema level. In this case, each table registered as an Immuta data source must individually have the `OWNER` permission granted to the Immuta service principal.
  * `USE CATALOG` and `USE SCHEMA` **on parent catalogs** and **schemas** of tables registered as Immuta data sources so that the Immuta service principal can `SELECT` and `MODIFY` securables within the parent catalog and schema.
  * `SELECT` and `MODIFY` **on all tables** registered as Immuta data sources so that the Immuta service principal can grant and revoke access to tables and apply Unity Catalog row- and column-level security controls.
* **Databricks account (required)**: This user account can manually configure the integration in Databricks to create the Immuta-managed catalog. To do so, this account requires the following Databricks privileges:
  * `CREATE CATALOG` **on the Unity Catalog metastore**
  * `ACCOUNT ADMIN` **on the Unity Catalog metastore** for native query audit (optional)
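
The service principal privileges above, applied at the schema scope rather than the whole catalog, as an added example that is not part of the Immuta documentation or its generated script. The catalog `analytics`, schema `sales`, tables `orders` and `customers`, and the `<immuta-sp-application-id>` placeholder are assumptions; substitute your own names and the service principal's application ID.

```sql
-- Added example (Databricks SQL). All object names are constructed placeholders.
-- Run as a user who currently owns analytics.sales or is a metastore admin.

-- 1. Traversal privileges on the parent catalog and schema of the registered tables.
GRANT USE CATALOG ON CATALOG analytics TO `<immuta-sp-application-id>`;
GRANT USE SCHEMA  ON SCHEMA  analytics.sales TO `<immuta-sp-application-id>`;

-- 2. SELECT and MODIFY on each table registered as an Immuta data source.
GRANT SELECT, MODIFY ON TABLE analytics.sales.orders    TO `<immuta-sp-application-id>`;
GRANT SELECT, MODIFY ON TABLE analytics.sales.customers TO `<immuta-sp-application-id>`;

-- 3. Ownership at the schema level, so the principal can administer row- and
--    column-level controls on the tables in it. Run this last: a securable has
--    a single owner, so the previous owner stops administering the schema.
ALTER SCHEMA analytics.sales OWNER TO `<immuta-sp-application-id>`;

-- 4. Review what the principal ended up with before registering the host.
SHOW GRANTS `<immuta-sp-application-id>` ON CATALOG analytics;
SHOW GRANTS `<immuta-sp-application-id>` ON SCHEMA analytics.sales;
SHOW GRANTS `<immuta-sp-application-id>` ON TABLE analytics.sales.orders;
DESCRIBE SCHEMA EXTENDED analytics.sales;  -- the Owner row should show the principal
```

Scoping ownership to the schema keeps the service principal from administering unrelated schemas in the same catalog; use the catalog-level or per-table option from the list above when that fits your layout better.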

## Register a host

1. Click the **App Settings** icon in the navigation menu.
2. Scroll to the **Native Integration Settings** section and check the **Enable Databricks Unity Catalog support in Immuta** checkbox. The additional settings in this section are only relevant to the Databricks Spark with Unity Catalog integration and will not have any effect on the Unity Catalog integration. These can be left with their default values.
3. Click **Save** and confirm your changes.
4. Click **Data** and select the **Infrastructure** tab in the navigation menu.
5. Click the **+ Add Host** button.
6. Select the Databricks data platform tile.
7. Enter the host connection information:
   * **Host**: The hostname of your Databricks workspace.
   * **Port**: Your Databricks port.
   * **HTTP Path**: The HTTP path of your Databricks cluster or SQL warehouse.
   * **Immuta Catalog**: The name of the catalog Immuta will create to store internal entitlements and other user data specific to Immuta. This catalog will only be readable for the Immuta service principal and should not be granted to other users. The catalog name may only contain letters, numbers, and underscores and cannot start with a number.
   * **Connection Key**: A unique name for your host. This connection key will be used to create data source names for this host.
8. Click **Next**.
9. Select the **Access Token** authentication method from the dropdown menu.
10. Enter the **Access Token** in the Immuta System Account Credentials section. This is the access token for the Immuta service principal. This service principal must have the privileges listed in the Permissions section at the top of this page for the metastore associated with the Databricks workspace. If this token is configured to expire, update this field before each expiration so that the integration continues to function. This authentication information will be included in the script populated later on the page.
11. Copy the provided script and run it in Databricks as a user with the `CREATE CATALOG` privilege on the Unity Catalog metastore.
12. Click **Validate Connection**.
13. If the connection is successful, click **Next**. If there are any errors, check the connection details and credentials to ensure they are correct and try again.
14. Ensure all the details are correct in the summary and click **Complete Setup**.

