Skip to main content

Terraform Install

Unity Catalog Required

SAT v0.5.0 and higher requires Unity Catalog. Make sure Unity Catalog is enabled in your Databricks environment before installing SAT.

Note

We welcome your feedback and comments — please reach out to us at sat@databricks.com or open a GitHub issue.

Please review the Project Support section for important information on support and usage terms.

SAT can be set up on any of the cloud platforms where Databricks is hosted using Terraform. Please follow the setup guide specific to your cloud provider:

Permissions Analysis Setup

After installing SAT, you will need to manually complete the Permissions Analysis app deployment and configuration by following these steps:

1. Deploy the app using the Databricks CLI

Deploy the app using the appropriate command based on your installation method:

For DABs installations:

databricks apps deploy sat-permissions-exp --source-code-path /Workspace/Applications/SAT/files/app/brickhound

For Terraform installations:

databricks apps deploy sat-permissions-exp --source-code-path /Workspace/Repos/Applications/SAT_TF/app/brickhound
databricks app deploy
Note

The app compute may take a few minutes to start. Please make sure that Compute > Apps > sat-permissions-exp is "running" in your workspace before proceeding to the next step.

2. Configure app resources

Edit the app configuration in the Databricks UI and assign the following resources:

Resource TypeResource KeySecret ScopeSecret KeyValue
SQL warehousesql-warehouse
Secretsat_scopesql-warehouse-idsql-warehouse-id
Secretsat_scopeanalysis_schema_nameanalysis_schema_name

3. Grant Unity Catalog permissions

After running the jobs and before the first use of the app, you need to grant Unity Catalog permissions to the app's service principal.

  1. Copy the App authorization service principal (not the name, the actual service principal ID)
  2. Run the following SQL commands to grant the necessary permissions:
-- Grant USE CATALOG permission
GRANT USE CATALOG ON CATALOG <your SAT UC catalog>
TO `<app authorization service principal>`;

-- Grant USE SCHEMA permission
GRANT USE SCHEMA ON SCHEMA <your SAT UC catalog>.<SAT Schema>
TO `<app authorization service principal>`;

-- Grant SELECT on all tables in the schema
GRANT SELECT ON SCHEMA <your SAT UC catalog>.<SAT Schema>
TO `<app authorization service principal>`;
Tip

Replace <your SAT UC catalog>, <SAT Schema>, and <app authorization service principal> with your actual values.