Databricks v1.74.0, Aug 14 25

Databricks v1.74.0 published on Thursday, Aug 14, 2025 by Pulumi

databricks.getPolicyInfo

Explore with Pulumi AI

Databricks v1.74.0 published on Thursday, Aug 14, 2025 by Pulumi

Using getPolicyInfo

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPolicyInfo(args: GetPolicyInfoArgs, opts?: InvokeOptions): Promise<GetPolicyInfoResult>
function getPolicyInfoOutput(args: GetPolicyInfoOutputArgs, opts?: InvokeOptions): Output<GetPolicyInfoResult>

def get_policy_info(column_mask: Optional[GetPolicyInfoColumnMask] = None,
                    comment: Optional[str] = None,
                    except_principals: Optional[Sequence[str]] = None,
                    for_securable_type: Optional[str] = None,
                    match_columns: Optional[Sequence[GetPolicyInfoMatchColumn]] = None,
                    name: Optional[str] = None,
                    on_securable_fullname: Optional[str] = None,
                    on_securable_type: Optional[str] = None,
                    policy_type: Optional[str] = None,
                    row_filter: Optional[GetPolicyInfoRowFilter] = None,
                    to_principals: Optional[Sequence[str]] = None,
                    when_condition: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetPolicyInfoResult
def get_policy_info_output(column_mask: Optional[pulumi.Input[GetPolicyInfoColumnMaskArgs]] = None,
                    comment: Optional[pulumi.Input[str]] = None,
                    except_principals: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                    for_securable_type: Optional[pulumi.Input[str]] = None,
                    match_columns: Optional[pulumi.Input[Sequence[pulumi.Input[GetPolicyInfoMatchColumnArgs]]]] = None,
                    name: Optional[pulumi.Input[str]] = None,
                    on_securable_fullname: Optional[pulumi.Input[str]] = None,
                    on_securable_type: Optional[pulumi.Input[str]] = None,
                    policy_type: Optional[pulumi.Input[str]] = None,
                    row_filter: Optional[pulumi.Input[GetPolicyInfoRowFilterArgs]] = None,
                    to_principals: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                    when_condition: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetPolicyInfoResult]

func LookupPolicyInfo(ctx *Context, args *LookupPolicyInfoArgs, opts ...InvokeOption) (*LookupPolicyInfoResult, error)
func LookupPolicyInfoOutput(ctx *Context, args *LookupPolicyInfoOutputArgs, opts ...InvokeOption) LookupPolicyInfoResultOutput

> Note: This function is named LookupPolicyInfo in the Go SDK.

public static class GetPolicyInfo 
{
    public static Task<GetPolicyInfoResult> InvokeAsync(GetPolicyInfoArgs args, InvokeOptions? opts = null)
    public static Output<GetPolicyInfoResult> Invoke(GetPolicyInfoInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetPolicyInfoResult> getPolicyInfo(GetPolicyInfoArgs args, InvokeOptions options)
public static Output<GetPolicyInfoResult> getPolicyInfo(GetPolicyInfoArgs args, InvokeOptions options)

fn::invoke:
  function: databricks:index/getPolicyInfo:getPolicyInfo
  arguments:
    # arguments dictionary

The following arguments are supported:

ForSecurableType string: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
PolicyType string: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
ToPrincipals List<string>: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
ColumnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
Comment string: (string) - Optional description of the policy
ExceptPrincipals List<string>: (list of string) - Optional list of user or group names that should be excluded from the policy
MatchColumns List<GetPolicyInfoMatchColumn>: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
Name string: Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
OnSecurableFullname string: Full name of the securable on which the policy is defined. Required on create and ignored on update
OnSecurableType string: Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
RowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
WhenCondition string: (string) - Optional condition when the policy should take effect

ForSecurableType string: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
PolicyType string: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
ToPrincipals []string: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
ColumnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
Comment string: (string) - Optional description of the policy
ExceptPrincipals []string: (list of string) - Optional list of user or group names that should be excluded from the policy
MatchColumns []GetPolicyInfoMatchColumn: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
Name string: Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
OnSecurableFullname string: Full name of the securable on which the policy is defined. Required on create and ignored on update
OnSecurableType string: Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
RowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
WhenCondition string: (string) - Optional condition when the policy should take effect

forSecurableType String: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
policyType String: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
toPrincipals List<String>: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
columnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment String: (string) - Optional description of the policy
exceptPrincipals List<String>: (list of string) - Optional list of user or group names that should be excluded from the policy
matchColumns List<GetPolicyInfoMatchColumn>: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name String: Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
onSecurableFullname String: Full name of the securable on which the policy is defined. Required on create and ignored on update
onSecurableType String: Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
rowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
whenCondition String: (string) - Optional condition when the policy should take effect

forSecurableType string: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
policyType string: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
toPrincipals string[]: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
columnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment string: (string) - Optional description of the policy
exceptPrincipals string[]: (list of string) - Optional list of user or group names that should be excluded from the policy
matchColumns GetPolicyInfoMatchColumn[]: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name string: Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
onSecurableFullname string: Full name of the securable on which the policy is defined. Required on create and ignored on update
onSecurableType string: Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
rowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
whenCondition string: (string) - Optional condition when the policy should take effect

for_securable_type str: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
policy_type str: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
to_principals Sequence[str]: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
column_mask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment str: (string) - Optional description of the policy
except_principals Sequence[str]: (list of string) - Optional list of user or group names that should be excluded from the policy
match_columns Sequence[GetPolicyInfoMatchColumn]: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name str: Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
on_securable_fullname str: Full name of the securable on which the policy is defined. Required on create and ignored on update
on_securable_type str: Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
row_filter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
when_condition str: (string) - Optional condition when the policy should take effect

forSecurableType String: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
policyType String: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
toPrincipals List<String>: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
columnMask Property Map: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment String: (string) - Optional description of the policy
exceptPrincipals List<String>: (list of string) - Optional list of user or group names that should be excluded from the policy
matchColumns List<Property Map>: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name String: Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
onSecurableFullname String: Full name of the securable on which the policy is defined. Required on create and ignored on update
onSecurableType String: Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
rowFilter Property Map: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
whenCondition String: (string) - Optional condition when the policy should take effect

getPolicyInfo Result

The following output properties are available:

CreatedAt int: (integer) - Time at which the policy was created, in epoch milliseconds. Output only
CreatedBy string: (string) - Username of the user who created the policy. Output only
ForSecurableType string: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
Id string: (string) - Unique identifier of the policy. This field is output only and is generated by the system
PolicyType string: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
ToPrincipals List<string>: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
UpdatedAt int: (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
UpdatedBy string: (string) - Username of the user who last modified the policy. Output only
ColumnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
Comment string: (string) - Optional description of the policy
ExceptPrincipals List<string>: (list of string) - Optional list of user or group names that should be excluded from the policy
MatchColumns List<GetPolicyInfoMatchColumn>: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
Name string: (string) - Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
OnSecurableFullname string: (string) - Full name of the securable on which the policy is defined. Required on create and ignored on update
OnSecurableType string: (string) - Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
RowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
WhenCondition string: (string) - Optional condition when the policy should take effect

CreatedAt int: (integer) - Time at which the policy was created, in epoch milliseconds. Output only
CreatedBy string: (string) - Username of the user who created the policy. Output only
ForSecurableType string: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
Id string: (string) - Unique identifier of the policy. This field is output only and is generated by the system
PolicyType string: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
ToPrincipals []string: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
UpdatedAt int: (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
UpdatedBy string: (string) - Username of the user who last modified the policy. Output only
ColumnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
Comment string: (string) - Optional description of the policy
ExceptPrincipals []string: (list of string) - Optional list of user or group names that should be excluded from the policy
MatchColumns []GetPolicyInfoMatchColumn: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
Name string: (string) - Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
OnSecurableFullname string: (string) - Full name of the securable on which the policy is defined. Required on create and ignored on update
OnSecurableType string: (string) - Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
RowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
WhenCondition string: (string) - Optional condition when the policy should take effect

createdAt Integer: (integer) - Time at which the policy was created, in epoch milliseconds. Output only
createdBy String: (string) - Username of the user who created the policy. Output only
forSecurableType String: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
id String: (string) - Unique identifier of the policy. This field is output only and is generated by the system
policyType String: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
toPrincipals List<String>: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
updatedAt Integer: (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
updatedBy String: (string) - Username of the user who last modified the policy. Output only
columnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment String: (string) - Optional description of the policy
exceptPrincipals List<String>: (list of string) - Optional list of user or group names that should be excluded from the policy
matchColumns List<GetPolicyInfoMatchColumn>: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name String: (string) - Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
onSecurableFullname String: (string) - Full name of the securable on which the policy is defined. Required on create and ignored on update
onSecurableType String: (string) - Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
rowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
whenCondition String: (string) - Optional condition when the policy should take effect

createdAt number: (integer) - Time at which the policy was created, in epoch milliseconds. Output only
createdBy string: (string) - Username of the user who created the policy. Output only
forSecurableType string: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
id string: (string) - Unique identifier of the policy. This field is output only and is generated by the system
policyType string: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
toPrincipals string[]: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
updatedAt number: (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
updatedBy string: (string) - Username of the user who last modified the policy. Output only
columnMask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment string: (string) - Optional description of the policy
exceptPrincipals string[]: (list of string) - Optional list of user or group names that should be excluded from the policy
matchColumns GetPolicyInfoMatchColumn[]: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name string: (string) - Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
onSecurableFullname string: (string) - Full name of the securable on which the policy is defined. Required on create and ignored on update
onSecurableType string: (string) - Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
rowFilter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
whenCondition string: (string) - Optional condition when the policy should take effect

created_at int: (integer) - Time at which the policy was created, in epoch milliseconds. Output only
created_by str: (string) - Username of the user who created the policy. Output only
for_securable_type str: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
id str: (string) - Unique identifier of the policy. This field is output only and is generated by the system
policy_type str: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
to_principals Sequence[str]: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
updated_at int: (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
updated_by str: (string) - Username of the user who last modified the policy. Output only
column_mask GetPolicyInfoColumnMask: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment str: (string) - Optional description of the policy
except_principals Sequence[str]: (list of string) - Optional list of user or group names that should be excluded from the policy
match_columns Sequence[GetPolicyInfoMatchColumn]: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name str: (string) - Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
on_securable_fullname str: (string) - Full name of the securable on which the policy is defined. Required on create and ignored on update
on_securable_type str: (string) - Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
row_filter GetPolicyInfoRowFilter: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
when_condition str: (string) - Optional condition when the policy should take effect

createdAt Number: (integer) - Time at which the policy was created, in epoch milliseconds. Output only
createdBy String: (string) - Username of the user who created the policy. Output only
forSecurableType String: (string) - Type of securables that the policy should take effect on. Only table is supported at this moment. Required on create and optional on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
id String: (string) - Unique identifier of the policy. This field is output only and is generated by the system
policyType String: (string) - Type of the policy. Required on create and ignored on update. Possible values are: POLICY_TYPE_COLUMN_MASK, POLICY_TYPE_ROW_FILTER
toPrincipals List<String>: (list of string) - List of user or group names that the policy applies to. Required on create and optional on update
updatedAt Number: (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
updatedBy String: (string) - Username of the user who last modified the policy. Output only
columnMask Property Map: (ColumnMaskOptions) - Options for column mask policies. Valid only if policy_type is POLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
comment String: (string) - Optional description of the policy
exceptPrincipals List<String>: (list of string) - Optional list of user or group names that should be excluded from the policy
matchColumns List<Property Map>: (list of MatchColumn) - Optional list of condition expressions used to match table columns. Only valid when for_securable_type is table. When specified, the policy only applies to tables whose columns satisfy all match conditions
name String: (string) - Name of the policy. Required on create and ignored on update. To update the name, use the new_name field
onSecurableFullname String: (string) - Full name of the securable on which the policy is defined. Required on create and ignored on update
onSecurableType String: (string) - Type of the securable on which the policy is defined. Only catalog, schema and table are supported at this moment. Required on create and ignored on update. Possible values are: CATALOG, CLEAN_ROOM, CONNECTION, CREDENTIAL, EXTERNAL_LOCATION, EXTERNAL_METADATA, FUNCTION, METASTORE, PIPELINE, PROVIDER, RECIPIENT, SCHEMA, SHARE, STAGING_TABLE, STORAGE_CREDENTIAL, TABLE, VOLUME
rowFilter Property Map: (RowFilterOptions) - Options for row filter policies. Valid only if policy_type is POLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole
whenCondition String: (string) - Optional condition when the policy should take effect

Supporting Types

GetPolicyInfoColumnMask

FunctionName string: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
OnColumn string: (string) - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
Usings List<GetPolicyInfoColumnMaskUsing>: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

FunctionName string: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
OnColumn string: (string) - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
Usings []GetPolicyInfoColumnMaskUsing: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

functionName String: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
onColumn String: (string) - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
usings List<GetPolicyInfoColumnMaskUsing>: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

functionName string: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
onColumn string: (string) - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
usings GetPolicyInfoColumnMaskUsing[]: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

function_name str: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
on_column str: (string) - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
usings Sequence[GetPolicyInfoColumnMaskUsing]: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

functionName String: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
onColumn String: (string) - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
usings List<Property Map>: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

GetPolicyInfoColumnMaskUsing

Alias string: (string) - Optional alias of the matched column
Constant string: (string) - A constant literal

Alias string: (string) - Optional alias of the matched column
Constant string: (string) - A constant literal

alias String: (string) - Optional alias of the matched column
constant String: (string) - A constant literal

alias string: (string) - Optional alias of the matched column
constant string: (string) - A constant literal

alias str: (string) - Optional alias of the matched column
constant str: (string) - A constant literal

alias String: (string) - Optional alias of the matched column
constant String: (string) - A constant literal

GetPolicyInfoMatchColumn

Alias string: (string) - Optional alias of the matched column
Condition string: (string) - The condition expression used to match a table column

Alias string: (string) - Optional alias of the matched column
Condition string: (string) - The condition expression used to match a table column

alias String: (string) - Optional alias of the matched column
condition String: (string) - The condition expression used to match a table column

alias string: (string) - Optional alias of the matched column
condition string: (string) - The condition expression used to match a table column

alias str: (string) - Optional alias of the matched column
condition str: (string) - The condition expression used to match a table column

alias String: (string) - Optional alias of the matched column
condition String: (string) - The condition expression used to match a table column

GetPolicyInfoRowFilter

FunctionName string: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
Usings List<GetPolicyInfoRowFilterUsing>: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

FunctionName string: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
Usings []GetPolicyInfoRowFilterUsing: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

functionName String: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
usings List<GetPolicyInfoRowFilterUsing>: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

functionName string: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
usings GetPolicyInfoRowFilterUsing[]: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

function_name str: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
usings Sequence[GetPolicyInfoRowFilterUsing]: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

functionName String: (string) - The fully qualified name of the row filter function. The function is called on each row of the target table. It should return a boolean value indicating whether the row should be visible to the user. Required on create and update
usings List<Property Map>: (list of FunctionArgument) - Optional list of column aliases or constant literals to be passed as arguments to the row filter function. The type of each column should match the positional argument of the row filter function

GetPolicyInfoRowFilterUsing

Alias string: (string) - Optional alias of the matched column
Constant string: (string) - A constant literal

Alias string: (string) - Optional alias of the matched column
Constant string: (string) - A constant literal

alias String: (string) - Optional alias of the matched column
constant String: (string) - A constant literal

alias string: (string) - Optional alias of the matched column
constant string: (string) - A constant literal

alias str: (string) - Optional alias of the matched column
constant str: (string) - A constant literal

alias String: (string) - Optional alias of the matched column
constant String: (string) - A constant literal

Package Details

Repository: databricks pulumi/pulumi-databricks
License: Apache-2.0
Notes: This Pulumi package is based on the databricks Terraform Provider.

Databricks v1.74.0 published on Thursday, Aug 14, 2025 by Pulumi

pulumi/pulumi-databricks

databricks.getPolicyInfo

On this page

On this page

Using getPolicyInfo

getPolicyInfo Result

Supporting Types

GetPolicyInfoColumnMask

GetPolicyInfoColumnMaskUsing

GetPolicyInfoMatchColumn

GetPolicyInfoRowFilter

GetPolicyInfoRowFilterUsing

Package Details

On this page

On this page