# 🔐 Introduction to Unity Catalog

Unity Catalog is Databricks’ unified governance solution that offers **centralized data access control** across **multiple workspaces** and **cloud environments**. It improves upon the legacy Hive metastore by standardizing permissions, identity, and security across your data ecosystem.

---

## 🏛️ Architecture Overview

Unity Catalog uses a **three-level namespace** to organize and manage data:

1. **Metastore**  
   - The top-level container that holds metadata and access control information.
2. **Catalog**  
   - Contains collections of schemas.
3. **Schema**  
   - Holds the actual data assets such as **tables**, **views**, and **functions**.

> Full object path example: `metastore.catalog.schema.table`

---

## 🔒 Security Enhancements

Unity Catalog provides **stronger security** and centralized governance:

- **Identity & Access Control** is managed at the account level (via the **Account Console**) instead of per workspace.
- **Centralized User and Group Management** through account-wide controls instead of local workspace admins.

---

## ✅ Authentication and Access Control

- Supports secure authentication via:
  - **Storage Credentials**
  - **External Locations**
- This enables secure and flexible access to cloud storage (e.g., S3, ADLS).

---

## 📦 Delta Sharing Concepts

- Unity Catalog introduces:
  - **Shares**: Represent datasets to be shared.
  - **Recipients**: External consumers of shared data.
- Enables secure **data sharing across platforms**, although this session provides only a brief overview.

---

## 👥 Identity Management

Unity Catalog has three identity types:

- **Users**: Individual human accounts.
- **Service Principals**: Application or automated identities.
- **Groups**: Logical grouping of users for access control.

✨ **Identity Federation** allows management of identities **at the account level**, simplifying governance across multiple workspaces.

---

## 🛡️ Security Model: Privileges

Unity Catalog supports granular privileges for different types of access:

### 🔹 General Privileges
- `USAGE`
- `SELECT`
- `MODIFY`
- `CREATE`

### 🔹 Storage Privileges
- `READ FILES`
- `WRITE FILES`

These privileges apply to objects like catalogs, schemas, tables, and external locations.
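
The privileges above, applied as a least-privilege layout in Databricks SQL. This is an added example, not part of the original notes. The catalog, schema, table, external location and group names are assumptions, and the privilege names are the ones listed on this page (newer Unity Catalog privilege-model versions spell `USAGE` as `USE CATALOG` / `USE SCHEMA`).

```sql
-- Assumed objects (hypothetical, for illustration only):
--   catalog            sales
--   schema             sales.reporting
--   table              sales.reporting.orders
--   external location  landing_zone
--   account groups     analysts, etl_writers

-- Read-only consumers.
-- A table-level grant is not enough on its own: the principal also needs
-- USAGE on every parent container (catalog and schema) to reach the table.
GRANT USAGE  ON CATALOG sales                 TO `analysts`;
GRANT USAGE  ON SCHEMA  sales.reporting       TO `analysts`;
GRANT SELECT ON TABLE   sales.reporting.orders TO `analysts`;

-- Pipeline writers.
-- CREATE is scoped to the one schema the pipeline owns, not the whole catalog,
-- and MODIFY is granted per table rather than schema-wide.
GRANT USAGE          ON CATALOG sales                  TO `etl_writers`;
GRANT USAGE, CREATE  ON SCHEMA  sales.reporting        TO `etl_writers`;
GRANT SELECT, MODIFY ON TABLE   sales.reporting.orders TO `etl_writers`;

-- Storage privileges are granted on the external location, so the group
-- never handles the underlying cloud credential directly.
-- The pipeline only reads raw files here, so WRITE FILES is withheld.
GRANT READ FILES ON EXTERNAL LOCATION landing_zone TO `etl_writers`;

-- Review what is actually in effect (run these as part of access reviews).
SHOW GRANTS ON TABLE sales.reporting.orders;
SHOW GRANTS `analysts` ON SCHEMA sales.reporting;
SHOW GRANTS ON EXTERNAL LOCATION landing_zone;

-- Tighten a grant that turned out to be broader than needed.
REVOKE MODIFY ON TABLE sales.reporting.orders FROM `etl_writers`;
```

Granting to groups rather than individual users keeps the grant list short enough to audit with `SHOW GRANTS`.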

---

## 🧩 Legacy Compatibility

Unity Catalog is **additive**, meaning it **coexists with the Hive metastore**. Legacy workflows can still function while migrating to Unity Catalog.

---

## 🔍 Data Discovery & Lineage Tracking

- Built-in **data discovery** capabilities for easier search and classification.
- **Automated data lineage** tracking across tables and pipelines to support governance and compliance.

---

## 🧑‍💼 Accessing the Account Console

Administrators can manage:
- Users
- Groups
- Workspaces
- Metastore assignments

Navigate to the **Account Console** from your Databricks workspace settings to configure Unity Catalog access and security settings.

---

Unity Catalog brings modern, scalable, and secure **data governance** to the Lakehouse platform—ensuring compliance, flexibility, and discoverability at scale.
