Pull-quote: “Governance that the team can’t navigate is governance that the team will route around.”
Why this matters
Most data-governance projects fail because they start with policy. The good ones start with structure. Unity Catalog’s hierarchy (Catalog → Schema → Table) is the structural foundation that makes policy enforceable.
Reference layout (data-mesh)
```text
catalog: zorost
├── domain_aviation
│   ├── flights_silver
│   ├── delays_gold
│   └── safety_rag
├── domain_manufacturing
│   ├── spc_silver
│   └── capability_gold
├── domain_freight
│   ├── corridors_silver
│   └── emissions_gold
├── domain_finance
│   └── ...
└── domain_governance        ← cross-cutting
    ├── audit_logs
    ├── pii_register
    └── data_quality_metrics
```
Permission model
| Principal | What they get |
|---|---|
| Domain Steward | OWNER on domain_X.* |
| Domain Engineer | USAGE on parent catalog + USE_SCHEMA on domain_X.* + CREATE on domain_X.* |
| Cross-domain Analyst | SELECT on Gold tables only |
| Auditor | SELECT on domain_governance.* |
| Service Principal (apps) | SELECT on specific Gold tables · scoped by token |
Row and column security with dynamic views
Unity Catalog supports dynamic views — views whose behavior depends on the current user. A typical pattern:
```sql
CREATE VIEW domain_aviation.flights_secure AS
SELECT
  flight_id,
  origin_airport,
  destination_airport,
  -- column-level: only the phi_authorized group sees the real value
  CASE WHEN is_member('phi_authorized') THEN passenger_count ELSE NULL END
    AS passenger_count,
  ...
FROM domain_aviation.flights_silver
WHERE
  -- row-level: all_regions sees everything, everyone else only granted regions
  CASE
    WHEN is_member('all_regions') THEN TRUE
    ELSE region IN (SELECT region FROM domain_governance.user_region_grants
                    WHERE user = current_user())
  END;
```
is_member(), current_user(), mask(), and filter() together cover row-level, column-level, and full-fledged ABAC patterns. A dynamic view only protects the path through the view: consumers get SELECT on flights_secure, not on flights_silver, otherwise the base table is readable in the clear.
Tags and classification
Every column and table can carry tags. We standardize a tag taxonomy:
| Tag | Values | Use |
|---|---|---|
| pii_class | pii, pii_sensitive, phi, pci, none | Drives masking and access policy |
| data_owner | domain steward email | Clear accountability |
| freshness_sla | realtime, 1h, 1d, 1w | Drives monitoring |
| retention | 30d, 1y, 7y, permanent | Drives lifecycle |
Tags make policy queryable: “show me all PII-tagged columns in domain_finance” returns a row, not an email thread.
Lineage and audit
Unity Catalog captures column-level lineage across SQL, Python, ML, and BI consumption. Audit logs go to a sink the security team owns. Both are queryable as system tables: system.access.audit for the audit trail and system.lineage.column_lineage for lineage.
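The "policy is queryable" claim from the tagging section and the system tables above, carried through as an added example (not code from the original page). It assumes the pii_class, data_owner and retention tags from the taxonomy, the `zorost` catalog layout, and the Databricks-documented system tables system.information_schema.column_tags, system.information_schema.table_tags and system.access.table_lineage.

```sql
-- Added example, not from the original page. Assumes the tag taxonomy above,
-- catalog `zorost`, and the Databricks system tables named in the lead-in.

-- 1. Inventory: every column in the catalog carrying a sensitive pii_class tag.
CREATE OR REPLACE VIEW domain_governance.sensitive_columns AS
SELECT catalog_name, schema_name, table_name, column_name,
       tag_value AS pii_class
FROM system.information_schema.column_tags
WHERE catalog_name = 'zorost'
  AND tag_name = 'pii_class'
  AND tag_value IN ('pii', 'pii_sensitive', 'phi', 'pci');

-- "Show me all PII-tagged columns in domain_finance" is now one query.
SELECT table_name, column_name, pii_class
FROM domain_governance.sensitive_columns
WHERE schema_name = 'domain_finance';

-- 2. Gap check: tables that hold sensitive columns but lack the table-level
--    data_owner or retention tags. Anything returned has no named steward
--    or no lifecycle policy, so it should be fixed before it is granted out.
WITH sensitive_tables AS (
  SELECT DISTINCT catalog_name, schema_name, table_name
  FROM domain_governance.sensitive_columns
)
SELECT s.schema_name, s.table_name,
       MAX(CASE WHEN t.tag_name = 'data_owner' THEN 1 ELSE 0 END) AS has_owner,
       MAX(CASE WHEN t.tag_name = 'retention'  THEN 1 ELSE 0 END) AS has_retention
FROM sensitive_tables s
LEFT JOIN system.information_schema.table_tags t
  ON  t.catalog_name = s.catalog_name
  AND t.schema_name  = s.schema_name
  AND t.table_name   = s.table_name
GROUP BY s.schema_name, s.table_name
HAVING has_owner = 0 OR has_retention = 0;

-- 3. Who read sensitive tables in the last 7 days, by table and principal.
--    Lineage records the table a query read as source_table_full_name.
SELECT l.source_table_full_name, l.created_by, COUNT(*) AS reads
FROM system.access.table_lineage l
JOIN (SELECT DISTINCT concat_ws('.', catalog_name, schema_name, table_name) AS full_name
      FROM domain_governance.sensitive_columns) s
  ON s.full_name = l.source_table_full_name
WHERE l.event_time >= current_timestamp() - INTERVAL 7 DAYS
GROUP BY l.source_table_full_name, l.created_by
ORDER BY reads DESC;
```

Query 2 is the one to schedule: an empty result is the expected state, and any row is a tagging gap surfaced as data rather than as an email thread.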
Closing
Governance done right starts with structure. Unity Catalog’s hierarchy + permission model + tagging + dynamic views + lineage + audit are the primitives. The implementation is workshop-driven, but the building blocks are stable and the patterns are reproducible.