Databricks v1.83.0 published on Friday, Jan 23, 2026 by Pulumi
Databricks v1.83.0 published on Friday, Jan 23, 2026 by Pulumi
Attribute-Based Access Control (ABAC) policies in Unity Catalog provide high leverage governance for enforcing compliance policies. With ABAC policies, access is controlled in a hierarchical and scalable manner, based on data attributes rather than specific resources, enabling more flexible and comprehensive access control.
ABAC policies in Unity Catalog support conditions on governance tags and the user identity. Callers must have the MANAGE privilege on a securable to view, create, update, or delete ABAC policies.
Example Usage
Row Filter Policy
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const piiRowFilter = new databricks.PolicyInfo("pii_row_filter", {
onSecurableType: "catalog",
onSecurableFullname: "main",
name: "pii_data_policy",
policyType: "POLICY_TYPE_ROW_FILTER",
forSecurableType: "table",
toPrincipals: ["account users"],
whenCondition: "hasTag('pii')",
matchColumns: [{
condition: "hasTag('pii')",
alias: "pii_col",
}],
rowFilter: {
functionName: "main.filters.mask_pii_rows",
usings: [{
alias: "pii_col",
}],
},
});
import pulumi
import pulumi_databricks as databricks
pii_row_filter = databricks.PolicyInfo("pii_row_filter",
on_securable_type="catalog",
on_securable_fullname="main",
name="pii_data_policy",
policy_type="POLICY_TYPE_ROW_FILTER",
for_securable_type="table",
to_principals=["account users"],
when_condition="hasTag('pii')",
match_columns=[{
"condition": "hasTag('pii')",
"alias": "pii_col",
}],
row_filter={
"function_name": "main.filters.mask_pii_rows",
"usings": [{
"alias": "pii_col",
}],
})
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewPolicyInfo(ctx, "pii_row_filter", &databricks.PolicyInfoArgs{
OnSecurableType: pulumi.String("catalog"),
OnSecurableFullname: pulumi.String("main"),
Name: pulumi.String("pii_data_policy"),
PolicyType: pulumi.String("POLICY_TYPE_ROW_FILTER"),
ForSecurableType: pulumi.String("table"),
ToPrincipals: pulumi.StringArray{
pulumi.String("account users"),
},
WhenCondition: pulumi.String("hasTag('pii')"),
MatchColumns: databricks.PolicyInfoMatchColumnArray{
&databricks.PolicyInfoMatchColumnArgs{
Condition: pulumi.String("hasTag('pii')"),
Alias: pulumi.String("pii_col"),
},
},
RowFilter: &databricks.PolicyInfoRowFilterArgs{
FunctionName: pulumi.String("main.filters.mask_pii_rows"),
Usings: databricks.PolicyInfoRowFilterUsingArray{
&databricks.PolicyInfoRowFilterUsingArgs{
Alias: pulumi.String("pii_col"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var piiRowFilter = new Databricks.PolicyInfo("pii_row_filter", new()
{
OnSecurableType = "catalog",
OnSecurableFullname = "main",
Name = "pii_data_policy",
PolicyType = "POLICY_TYPE_ROW_FILTER",
ForSecurableType = "table",
ToPrincipals = new[]
{
"account users",
},
WhenCondition = "hasTag('pii')",
MatchColumns = new[]
{
new Databricks.Inputs.PolicyInfoMatchColumnArgs
{
Condition = "hasTag('pii')",
Alias = "pii_col",
},
},
RowFilter = new Databricks.Inputs.PolicyInfoRowFilterArgs
{
FunctionName = "main.filters.mask_pii_rows",
Usings = new[]
{
new Databricks.Inputs.PolicyInfoRowFilterUsingArgs
{
Alias = "pii_col",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.PolicyInfo;
import com.pulumi.databricks.PolicyInfoArgs;
import com.pulumi.databricks.inputs.PolicyInfoMatchColumnArgs;
import com.pulumi.databricks.inputs.PolicyInfoRowFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var piiRowFilter = new PolicyInfo("piiRowFilter", PolicyInfoArgs.builder()
.onSecurableType("catalog")
.onSecurableFullname("main")
.name("pii_data_policy")
.policyType("POLICY_TYPE_ROW_FILTER")
.forSecurableType("table")
.toPrincipals("account users")
.whenCondition("hasTag('pii')")
.matchColumns(PolicyInfoMatchColumnArgs.builder()
.condition("hasTag('pii')")
.alias("pii_col")
.build())
.rowFilter(PolicyInfoRowFilterArgs.builder()
.functionName("main.filters.mask_pii_rows")
.usings(PolicyInfoRowFilterUsingArgs.builder()
.alias("pii_col")
.build())
.build())
.build());
}
}
resources:
piiRowFilter:
type: databricks:PolicyInfo
name: pii_row_filter
properties:
onSecurableType: catalog
onSecurableFullname: main
name: pii_data_policy
policyType: POLICY_TYPE_ROW_FILTER
forSecurableType: table
toPrincipals:
- account users
whenCondition: hasTag('pii')
matchColumns:
- condition: hasTag('pii')
alias: pii_col
rowFilter:
functionName: main.filters.mask_pii_rows
usings:
- alias: pii_col
Column Mask Policy
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const sensitiveColumnMask = new databricks.PolicyInfo("sensitive_column_mask", {
onSecurableType: "schema",
onSecurableFullname: "main.finance",
name: "sensitive_data_mask",
policyType: "POLICY_TYPE_COLUMN_MASK",
forSecurableType: "table",
toPrincipals: ["account users"],
exceptPrincipals: ["finance_admins"],
whenCondition: "hasTag('pii')",
matchColumns: [{
condition: "hasTag('pii')",
alias: "sensitive_col",
}],
columnMask: {
functionName: "main.masks.redact_sensitive",
onColumn: "sensitive_col",
usings: [{
constant: "4",
}],
},
});
import pulumi
import pulumi_databricks as databricks
sensitive_column_mask = databricks.PolicyInfo("sensitive_column_mask",
on_securable_type="schema",
on_securable_fullname="main.finance",
name="sensitive_data_mask",
policy_type="POLICY_TYPE_COLUMN_MASK",
for_securable_type="table",
to_principals=["account users"],
except_principals=["finance_admins"],
when_condition="hasTag('pii')",
match_columns=[{
"condition": "hasTag('pii')",
"alias": "sensitive_col",
}],
column_mask={
"function_name": "main.masks.redact_sensitive",
"on_column": "sensitive_col",
"usings": [{
"constant": "4",
}],
})
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewPolicyInfo(ctx, "sensitive_column_mask", &databricks.PolicyInfoArgs{
OnSecurableType: pulumi.String("schema"),
OnSecurableFullname: pulumi.String("main.finance"),
Name: pulumi.String("sensitive_data_mask"),
PolicyType: pulumi.String("POLICY_TYPE_COLUMN_MASK"),
ForSecurableType: pulumi.String("table"),
ToPrincipals: pulumi.StringArray{
pulumi.String("account users"),
},
ExceptPrincipals: pulumi.StringArray{
pulumi.String("finance_admins"),
},
WhenCondition: pulumi.String("hasTag('pii')"),
MatchColumns: databricks.PolicyInfoMatchColumnArray{
&databricks.PolicyInfoMatchColumnArgs{
Condition: pulumi.String("hasTag('pii')"),
Alias: pulumi.String("sensitive_col"),
},
},
ColumnMask: &databricks.PolicyInfoColumnMaskArgs{
FunctionName: pulumi.String("main.masks.redact_sensitive"),
OnColumn: pulumi.String("sensitive_col"),
Usings: databricks.PolicyInfoColumnMaskUsingArray{
&databricks.PolicyInfoColumnMaskUsingArgs{
Constant: pulumi.String("4"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var sensitiveColumnMask = new Databricks.PolicyInfo("sensitive_column_mask", new()
{
OnSecurableType = "schema",
OnSecurableFullname = "main.finance",
Name = "sensitive_data_mask",
PolicyType = "POLICY_TYPE_COLUMN_MASK",
ForSecurableType = "table",
ToPrincipals = new[]
{
"account users",
},
ExceptPrincipals = new[]
{
"finance_admins",
},
WhenCondition = "hasTag('pii')",
MatchColumns = new[]
{
new Databricks.Inputs.PolicyInfoMatchColumnArgs
{
Condition = "hasTag('pii')",
Alias = "sensitive_col",
},
},
ColumnMask = new Databricks.Inputs.PolicyInfoColumnMaskArgs
{
FunctionName = "main.masks.redact_sensitive",
OnColumn = "sensitive_col",
Usings = new[]
{
new Databricks.Inputs.PolicyInfoColumnMaskUsingArgs
{
Constant = "4",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.PolicyInfo;
import com.pulumi.databricks.PolicyInfoArgs;
import com.pulumi.databricks.inputs.PolicyInfoMatchColumnArgs;
import com.pulumi.databricks.inputs.PolicyInfoColumnMaskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sensitiveColumnMask = new PolicyInfo("sensitiveColumnMask", PolicyInfoArgs.builder()
.onSecurableType("schema")
.onSecurableFullname("main.finance")
.name("sensitive_data_mask")
.policyType("POLICY_TYPE_COLUMN_MASK")
.forSecurableType("table")
.toPrincipals("account users")
.exceptPrincipals("finance_admins")
.whenCondition("hasTag('pii')")
.matchColumns(PolicyInfoMatchColumnArgs.builder()
.condition("hasTag('pii')")
.alias("sensitive_col")
.build())
.columnMask(PolicyInfoColumnMaskArgs.builder()
.functionName("main.masks.redact_sensitive")
.onColumn("sensitive_col")
.usings(PolicyInfoColumnMaskUsingArgs.builder()
.constant("4")
.build())
.build())
.build());
}
}
resources:
sensitiveColumnMask:
type: databricks:PolicyInfo
name: sensitive_column_mask
properties:
onSecurableType: schema
onSecurableFullname: main.finance
name: sensitive_data_mask
policyType: POLICY_TYPE_COLUMN_MASK
forSecurableType: table
toPrincipals:
- account users
exceptPrincipals:
- finance_admins
whenCondition: hasTag('pii')
matchColumns:
- condition: hasTag('pii')
alias: sensitive_col
columnMask:
functionName: main.masks.redact_sensitive
onColumn: sensitive_col
usings:
- constant: '4'
Create PolicyInfo Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyInfo(name: string, args: PolicyInfoArgs, opts?: CustomResourceOptions);@overload
def PolicyInfo(resource_name: str,
args: PolicyInfoArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyInfo(resource_name: str,
opts: Optional[ResourceOptions] = None,
for_securable_type: Optional[str] = None,
policy_type: Optional[str] = None,
to_principals: Optional[Sequence[str]] = None,
column_mask: Optional[PolicyInfoColumnMaskArgs] = None,
comment: Optional[str] = None,
except_principals: Optional[Sequence[str]] = None,
match_columns: Optional[Sequence[PolicyInfoMatchColumnArgs]] = None,
name: Optional[str] = None,
on_securable_fullname: Optional[str] = None,
on_securable_type: Optional[str] = None,
row_filter: Optional[PolicyInfoRowFilterArgs] = None,
when_condition: Optional[str] = None)func NewPolicyInfo(ctx *Context, name string, args PolicyInfoArgs, opts ...ResourceOption) (*PolicyInfo, error)public PolicyInfo(string name, PolicyInfoArgs args, CustomResourceOptions? opts = null)
public PolicyInfo(String name, PolicyInfoArgs args)
public PolicyInfo(String name, PolicyInfoArgs args, CustomResourceOptions options)
type: databricks:PolicyInfo
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyInfoArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyInfoArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyInfoArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyInfoArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyInfoArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyInfoResource = new Databricks.PolicyInfo("policyInfoResource", new()
{
ForSecurableType = "string",
PolicyType = "string",
ToPrincipals = new[]
{
"string",
},
ColumnMask = new Databricks.Inputs.PolicyInfoColumnMaskArgs
{
FunctionName = "string",
OnColumn = "string",
Usings = new[]
{
new Databricks.Inputs.PolicyInfoColumnMaskUsingArgs
{
Alias = "string",
Constant = "string",
},
},
},
Comment = "string",
ExceptPrincipals = new[]
{
"string",
},
MatchColumns = new[]
{
new Databricks.Inputs.PolicyInfoMatchColumnArgs
{
Alias = "string",
Condition = "string",
},
},
Name = "string",
OnSecurableFullname = "string",
OnSecurableType = "string",
RowFilter = new Databricks.Inputs.PolicyInfoRowFilterArgs
{
FunctionName = "string",
Usings = new[]
{
new Databricks.Inputs.PolicyInfoRowFilterUsingArgs
{
Alias = "string",
Constant = "string",
},
},
},
WhenCondition = "string",
});
example, err := databricks.NewPolicyInfo(ctx, "policyInfoResource", &databricks.PolicyInfoArgs{
ForSecurableType: pulumi.String("string"),
PolicyType: pulumi.String("string"),
ToPrincipals: pulumi.StringArray{
pulumi.String("string"),
},
ColumnMask: &databricks.PolicyInfoColumnMaskArgs{
FunctionName: pulumi.String("string"),
OnColumn: pulumi.String("string"),
Usings: databricks.PolicyInfoColumnMaskUsingArray{
&databricks.PolicyInfoColumnMaskUsingArgs{
Alias: pulumi.String("string"),
Constant: pulumi.String("string"),
},
},
},
Comment: pulumi.String("string"),
ExceptPrincipals: pulumi.StringArray{
pulumi.String("string"),
},
MatchColumns: databricks.PolicyInfoMatchColumnArray{
&databricks.PolicyInfoMatchColumnArgs{
Alias: pulumi.String("string"),
Condition: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
OnSecurableFullname: pulumi.String("string"),
OnSecurableType: pulumi.String("string"),
RowFilter: &databricks.PolicyInfoRowFilterArgs{
FunctionName: pulumi.String("string"),
Usings: databricks.PolicyInfoRowFilterUsingArray{
&databricks.PolicyInfoRowFilterUsingArgs{
Alias: pulumi.String("string"),
Constant: pulumi.String("string"),
},
},
},
WhenCondition: pulumi.String("string"),
})
var policyInfoResource = new PolicyInfo("policyInfoResource", PolicyInfoArgs.builder()
.forSecurableType("string")
.policyType("string")
.toPrincipals("string")
.columnMask(PolicyInfoColumnMaskArgs.builder()
.functionName("string")
.onColumn("string")
.usings(PolicyInfoColumnMaskUsingArgs.builder()
.alias("string")
.constant("string")
.build())
.build())
.comment("string")
.exceptPrincipals("string")
.matchColumns(PolicyInfoMatchColumnArgs.builder()
.alias("string")
.condition("string")
.build())
.name("string")
.onSecurableFullname("string")
.onSecurableType("string")
.rowFilter(PolicyInfoRowFilterArgs.builder()
.functionName("string")
.usings(PolicyInfoRowFilterUsingArgs.builder()
.alias("string")
.constant("string")
.build())
.build())
.whenCondition("string")
.build());
policy_info_resource = databricks.PolicyInfo("policyInfoResource",
for_securable_type="string",
policy_type="string",
to_principals=["string"],
column_mask={
"function_name": "string",
"on_column": "string",
"usings": [{
"alias": "string",
"constant": "string",
}],
},
comment="string",
except_principals=["string"],
match_columns=[{
"alias": "string",
"condition": "string",
}],
name="string",
on_securable_fullname="string",
on_securable_type="string",
row_filter={
"function_name": "string",
"usings": [{
"alias": "string",
"constant": "string",
}],
},
when_condition="string")
const policyInfoResource = new databricks.PolicyInfo("policyInfoResource", {
forSecurableType: "string",
policyType: "string",
toPrincipals: ["string"],
columnMask: {
functionName: "string",
onColumn: "string",
usings: [{
alias: "string",
constant: "string",
}],
},
comment: "string",
exceptPrincipals: ["string"],
matchColumns: [{
alias: "string",
condition: "string",
}],
name: "string",
onSecurableFullname: "string",
onSecurableType: "string",
rowFilter: {
functionName: "string",
usings: [{
alias: "string",
constant: "string",
}],
},
whenCondition: "string",
});
type: databricks:PolicyInfo
properties:
columnMask:
functionName: string
onColumn: string
usings:
- alias: string
constant: string
comment: string
exceptPrincipals:
- string
forSecurableType: string
matchColumns:
- alias: string
condition: string
name: string
onSecurableFullname: string
onSecurableType: string
policyType: string
rowFilter:
functionName: string
usings:
- alias: string
constant: string
toPrincipals:
- string
whenCondition: string
PolicyInfo Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyInfo resource accepts the following input properties:
- For
Securable stringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Policy
Type string - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - To
Principals List<string> - List of user or group names that the policy applies to. Required on create and optional on update
- Column
Mask PolicyInfo Column Mask - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - Comment string
- Optional description of the policy
- Except
Principals List<string> - Optional list of user or group names that should be excluded from the policy
- Match
Columns List<PolicyInfo Match Column> - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - Name string
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - On
Securable stringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- On
Securable stringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Row
Filter PolicyInfo Row Filter - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - When
Condition string - Optional condition when the policy should take effect
- For
Securable stringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Policy
Type string - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - To
Principals []string - List of user or group names that the policy applies to. Required on create and optional on update
- Column
Mask PolicyInfo Column Mask Args - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - Comment string
- Optional description of the policy
- Except
Principals []string - Optional list of user or group names that should be excluded from the policy
- Match
Columns []PolicyInfo Match Column Args - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - Name string
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - On
Securable stringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- On
Securable stringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Row
Filter PolicyInfo Row Filter Args - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - When
Condition string - Optional condition when the policy should take effect
- for
Securable StringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy
Type String - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - to
Principals List<String> - List of user or group names that the policy applies to. Required on create and optional on update
- column
Mask PolicyInfo Column Mask - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment String
- Optional description of the policy
- except
Principals List<String> - Optional list of user or group names that should be excluded from the policy
- match
Columns List<PolicyInfo Match Column> - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name String
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on
Securable StringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on
Securable StringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - row
Filter PolicyInfo Row Filter - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - when
Condition String - Optional condition when the policy should take effect
- for
Securable stringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy
Type string - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - to
Principals string[] - List of user or group names that the policy applies to. Required on create and optional on update
- column
Mask PolicyInfo Column Mask - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment string
- Optional description of the policy
- except
Principals string[] - Optional list of user or group names that should be excluded from the policy
- match
Columns PolicyInfo Match Column[] - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name string
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on
Securable stringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on
Securable stringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - row
Filter PolicyInfo Row Filter - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - when
Condition string - Optional condition when the policy should take effect
- for_
securable_ strtype - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy_
type str - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - to_
principals Sequence[str] - List of user or group names that the policy applies to. Required on create and optional on update
- column_
mask PolicyInfo Column Mask Args - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment str
- Optional description of the policy
- except_
principals Sequence[str] - Optional list of user or group names that should be excluded from the policy
- match_
columns Sequence[PolicyInfo Match Column Args] - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name str
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on_
securable_ strfullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on_
securable_ strtype - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - row_
filter PolicyInfo Row Filter Args - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - when_
condition str - Optional condition when the policy should take effect
- for
Securable StringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy
Type String - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - to
Principals List<String> - List of user or group names that the policy applies to. Required on create and optional on update
- column
Mask Property Map - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment String
- Optional description of the policy
- except
Principals List<String> - Optional list of user or group names that should be excluded from the policy
- match
Columns List<Property Map> - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name String
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on
Securable StringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on
Securable StringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - row
Filter Property Map - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - when
Condition String - Optional condition when the policy should take effect
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyInfo resource produces the following output properties:
- Created
At int - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- Created
By string - (string) - Username of the user who created the policy. Output only
- Id string
- The provider-assigned unique ID for this managed resource.
- Updated
At int - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- Updated
By string - (string) - Username of the user who last modified the policy. Output only
- Created
At int - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- Created
By string - (string) - Username of the user who created the policy. Output only
- Id string
- The provider-assigned unique ID for this managed resource.
- Updated
At int - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- Updated
By string - (string) - Username of the user who last modified the policy. Output only
- created
At Integer - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created
By String - (string) - Username of the user who created the policy. Output only
- id String
- The provider-assigned unique ID for this managed resource.
- updated
At Integer - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated
By String - (string) - Username of the user who last modified the policy. Output only
- created
At number - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created
By string - (string) - Username of the user who created the policy. Output only
- id string
- The provider-assigned unique ID for this managed resource.
- updated
At number - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated
By string - (string) - Username of the user who last modified the policy. Output only
- created_
at int - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created_
by str - (string) - Username of the user who created the policy. Output only
- id str
- The provider-assigned unique ID for this managed resource.
- updated_
at int - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated_
by str - (string) - Username of the user who last modified the policy. Output only
- created
At Number - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created
By String - (string) - Username of the user who created the policy. Output only
- id String
- The provider-assigned unique ID for this managed resource.
- updated
At Number - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated
By String - (string) - Username of the user who last modified the policy. Output only
Look up Existing PolicyInfo Resource
Get an existing PolicyInfo resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyInfoState, opts?: CustomResourceOptions): PolicyInfo@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
column_mask: Optional[PolicyInfoColumnMaskArgs] = None,
comment: Optional[str] = None,
created_at: Optional[int] = None,
created_by: Optional[str] = None,
except_principals: Optional[Sequence[str]] = None,
for_securable_type: Optional[str] = None,
match_columns: Optional[Sequence[PolicyInfoMatchColumnArgs]] = None,
name: Optional[str] = None,
on_securable_fullname: Optional[str] = None,
on_securable_type: Optional[str] = None,
policy_type: Optional[str] = None,
row_filter: Optional[PolicyInfoRowFilterArgs] = None,
to_principals: Optional[Sequence[str]] = None,
updated_at: Optional[int] = None,
updated_by: Optional[str] = None,
when_condition: Optional[str] = None) -> PolicyInfofunc GetPolicyInfo(ctx *Context, name string, id IDInput, state *PolicyInfoState, opts ...ResourceOption) (*PolicyInfo, error)public static PolicyInfo Get(string name, Input<string> id, PolicyInfoState? state, CustomResourceOptions? opts = null)public static PolicyInfo get(String name, Output<String> id, PolicyInfoState state, CustomResourceOptions options)resources: _: type: databricks:PolicyInfo get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Column
Mask PolicyInfo Column Mask - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - Comment string
- Optional description of the policy
- Created
At int - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- Created
By string - (string) - Username of the user who created the policy. Output only
- Except
Principals List<string> - Optional list of user or group names that should be excluded from the policy
- For
Securable stringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Match
Columns List<PolicyInfo Match Column> - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - Name string
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - On
Securable stringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- On
Securable stringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Policy
Type string - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - Row
Filter PolicyInfo Row Filter - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - To
Principals List<string> - List of user or group names that the policy applies to. Required on create and optional on update
- Updated
At int - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- Updated
By string - (string) - Username of the user who last modified the policy. Output only
- When
Condition string - Optional condition when the policy should take effect
- Column
Mask PolicyInfo Column Mask Args - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - Comment string
- Optional description of the policy
- Created
At int - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- Created
By string - (string) - Username of the user who created the policy. Output only
- Except
Principals []string - Optional list of user or group names that should be excluded from the policy
- For
Securable stringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Match
Columns []PolicyInfo Match Column Args - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - Name string
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - On
Securable stringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- On
Securable stringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - Policy
Type string - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - Row
Filter PolicyInfo Row Filter Args - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - To
Principals []string - List of user or group names that the policy applies to. Required on create and optional on update
- Updated
At int - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- Updated
By string - (string) - Username of the user who last modified the policy. Output only
- When
Condition string - Optional condition when the policy should take effect
- column
Mask PolicyInfo Column Mask - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment String
- Optional description of the policy
- created
At Integer - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created
By String - (string) - Username of the user who created the policy. Output only
- except
Principals List<String> - Optional list of user or group names that should be excluded from the policy
- for
Securable StringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - match
Columns List<PolicyInfo Match Column> - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name String
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on
Securable StringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on
Securable StringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy
Type String - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - row
Filter PolicyInfo Row Filter - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - to
Principals List<String> - List of user or group names that the policy applies to. Required on create and optional on update
- updated
At Integer - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated
By String - (string) - Username of the user who last modified the policy. Output only
- when
Condition String - Optional condition when the policy should take effect
- column
Mask PolicyInfo Column Mask - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment string
- Optional description of the policy
- created
At number - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created
By string - (string) - Username of the user who created the policy. Output only
- except
Principals string[] - Optional list of user or group names that should be excluded from the policy
- for
Securable stringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - match
Columns PolicyInfo Match Column[] - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name string
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on
Securable stringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on
Securable stringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy
Type string - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - row
Filter PolicyInfo Row Filter - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - to
Principals string[] - List of user or group names that the policy applies to. Required on create and optional on update
- updated
At number - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated
By string - (string) - Username of the user who last modified the policy. Output only
- when
Condition string - Optional condition when the policy should take effect
- column_
mask PolicyInfo Column Mask Args - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment str
- Optional description of the policy
- created_
at int - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created_
by str - (string) - Username of the user who created the policy. Output only
- except_
principals Sequence[str] - Optional list of user or group names that should be excluded from the policy
- for_
securable_ strtype - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - match_
columns Sequence[PolicyInfo Match Column Args] - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name str
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on_
securable_ strfullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on_
securable_ strtype - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy_
type str - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - row_
filter PolicyInfo Row Filter Args - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - to_
principals Sequence[str] - List of user or group names that the policy applies to. Required on create and optional on update
- updated_
at int - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated_
by str - (string) - Username of the user who last modified the policy. Output only
- when_
condition str - Optional condition when the policy should take effect
- column
Mask Property Map - Options for column mask policies. Valid only if
policy_typeisPOLICY_TYPE_COLUMN_MASK. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - comment String
- Optional description of the policy
- created
At Number - (integer) - Time at which the policy was created, in epoch milliseconds. Output only
- created
By String - (string) - Username of the user who created the policy. Output only
- except
Principals List<String> - Optional list of user or group names that should be excluded from the policy
- for
Securable StringType - Type of securables that the policy should take effect on.
Only
TABLEis supported at this moment. Required on create and optional on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - match
Columns List<Property Map> - Optional list of condition expressions used to match table columns.
Only valid when
for_securable_typeisTABLE. When specified, the policy only applies to tables whose columns satisfy all match conditions - name String
- Name of the policy. Required on create and optional on update.
To rename the policy, set
nameto a different value on update - on
Securable StringFullname - Full name of the securable on which the policy is defined. Required on create and ignored on update
- on
Securable StringType - Type of the securable on which the policy is defined.
Only
CATALOG,SCHEMAandTABLEare supported at this moment. Required on create and ignored on update. Possible values are:CATALOG,CLEAN_ROOM,CONNECTION,CREDENTIAL,EXTERNAL_LOCATION,EXTERNAL_METADATA,FUNCTION,METASTORE,PIPELINE,PROVIDER,RECIPIENT,SCHEMA,SHARE,STAGING_TABLE,STORAGE_CREDENTIAL,TABLE,VOLUME - policy
Type String - Type of the policy. Required on create and ignored on update. Possible values are:
POLICY_TYPE_COLUMN_MASK,POLICY_TYPE_ROW_FILTER - row
Filter Property Map - Options for row filter policies. Valid only if
policy_typeisPOLICY_TYPE_ROW_FILTER. Required on create and optional on update. When specified on update, the new options will replace the existing options as a whole - to
Principals List<String> - List of user or group names that the policy applies to. Required on create and optional on update
- updated
At Number - (integer) - Time at which the policy was last modified, in epoch milliseconds. Output only
- updated
By String - (string) - Username of the user who last modified the policy. Output only
- when
Condition String - Optional condition when the policy should take effect
Supporting Types
PolicyInfoColumnMask, PolicyInfoColumnMaskArgs
- Function
Name string - On
Column string - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
- Usings
List<Policy
Info Column Mask Using>
- Function
Name string - On
Column string - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
- Usings
[]Policy
Info Column Mask Using
- function
Name String - on
Column String - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
- usings
List<Policy
Info Column Mask Using>
- function
Name string - on
Column string - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
- usings
Policy
Info Column Mask Using[]
- function_
name str - on_
column str - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
- usings
Sequence[Policy
Info Column Mask Using]
- function
Name String - on
Column String - The alias of the column to be masked. The alias must refer to one of matched columns. The values of the column is passed to the column mask function as the first argument. Required on create and update
- usings List<Property Map>
PolicyInfoColumnMaskUsing, PolicyInfoColumnMaskUsingArgs
PolicyInfoMatchColumn, PolicyInfoMatchColumnArgs
PolicyInfoRowFilter, PolicyInfoRowFilterArgs
PolicyInfoRowFilterUsing, PolicyInfoRowFilterUsingArgs
Import
As of Pulumi v1.5, resources can be imported through configuration.
hcl
import {
id = “on_securable_type,on_securable_fullname,name”
to = databricks_policy_info.this
}
If you are using an older version of Pulumi, import the resource using the pulumi import command as follows:
$ pulumi import databricks:index/policyInfo:PolicyInfo this "on_securable_type,on_securable_fullname,name"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.
Databricks v1.83.0 published on Friday, Jan 23, 2026 by Pulumi
