Data Sharing

Harbr enables you to securely share Assets using Databricks Delta Sharing. You can share data using either:

• Databricks-to-Databricks Share: Securely share with another Unity Catalog environment.

• Open Share: Share with external tools that support Delta Sharing (e.g., Power BI).

Creating a Data Share allows you to access data held within a Data Asset. A Data Share can either be created to provide access to all assets within a Data Product or to access a singular Asset.

While various asset types can be accessed via a Databricks-to-Databricks share, the Open Delta Sharing API currently only supports the sharing of tabular data via its endpoints. To access non-tabular data, consumers can either set up a Databricks-to-Databricks Delta Share or utilise the Export feature (e.g. downloading to desktop or exporting to a Connector).

To be able to create a Data Share you must have:

• an active Subscription Plan to a Product that contains an Asset.

• a Share Asset Permission to Use an Asset.

• created an Asset with appropriate permissions - instructions here.

• have Delta Sharing set up on Azure Databricks for data providers - instructions here.

• have Databricks configured on your platform - instructions here.

Set up a Data Share

There are two methods to share data held within an Asset. An Asset may be contained within a Product or be available without being associated with a Product.

A. Databricks-to-Databricks share

Use this option when your recipient has access to Databricks Unity Catalog. This is the most seamless and secure method when both sender and recipient are on Databricks with Unity Catalog enabled. See guidance here on how to create and manage recipients in Deltasharing.

If you're using a Databricks-to-Databricks Share, both the source (your platform’s metastore) and the destination (your recipient’s metastore) must be configured to support Unity Catalog with Delta Sharing.

Source Environment (Harbr Platform)

These steps are typically completed by your platform administrator:

1. Enable Delta Sharing

Enable Delta Sharing in your Databricks account settings.

• Go to Admin Console > Settings

• Turn on Enable Delta Sharing

• Select the Unity Catalog metastore used by your platform

2. Assign a Unity Catalog Metastore

Ensure the platform is assigned to an active Unity Catalog metastore.

See guidance here for how to create a metastore.

3. Grant Share Permissions

Grant the appropriate privileges to the Harbr service principal or automation identity:

GRANT CREATE SHARE ON METASTORE TO `<harbr_service_principal>`;
GRANT CREATE CATALOG ON METASTORE TO `<harbr_service_principal>`;

Note: You may also need to grant SELECT access on individual tables or views included in the shared Asset.

4. Create the Share on Harbr

• Go to My Collection and select a Product or an Asset.

• Click on the three dot menu for the Product or Asset and select Set up Databricks Share.

• Choose the appropriate sharing method based on your recipient.

• Enter a Share name, then create a Recipient using the Sharing Identifier provided by your recipient.

• Click Create.

• Provide the Sharing Identifier to your recipient, and the recipient will be able to accept it by creating a catalog in their Databricks environment.

The Sharing Identifier is generated from the recipient’s Unity Catalog metastore (format: <cloud>:<region>:<metastore-UUID>). The recipient must provide this string.

Destination Environment (Your Recipient)

The recipient’s Databricks environment must also support Unity Catalog and Delta Sharing.

1. Enable Unity Catalog + Delta Sharing

Recipients must:

• Have Unity Catalog enabled

• Assign a Unity Catalog metastore to their environment

• Enable Delta Sharing

2. Accept the Share

Once the recipient receives your Sharing Identifier, they can accept the share:

• Open the Data tab

• Click Create Catalog

• Select "From Delta Sharing"

• Paste the Sharing Identifier

• Name the new catalog

• Click Create

3. Manage Internal Access (Optional)

To give others access to the shared data, the recipient can use Unity Catalog privileges:

GRANT USAGE ON CATALOG shared_catalog TO `analyst_group`;
GRANT SELECT ON TABLE shared_catalog.table_name TO `analyst_group`;

See here for further information on how to access data shared using the Databricks-to-Databricks Delta Sharing protocol.

B. Databricks open share

Use this option when the recipient is using a non-Databricks tool, such as Power BI, pandas, or Superset. Open Shares enable flexible data access for users outside of the Databricks ecosystem.

1. Enter a Share name.

2. Click Create.

3. Open the three-dot menu next to the Share and click Download credential.

4. Share the downloaded .json file securely with your recipient.

5. The recipient can use the credential file with supported tools, such as:

   1. Power BI

   2. Pandas

   3. Apache Superset

   4. Databricks (without Unity Catalog)

Once created, you will see an activation that you can click to download a credential file to your desktop. This file contains a secure bearer token and endpoint details. You can use it to authenticate and securely access your shared data from Databricks in any platform or tool that supports open sharing.

• The file should be downloaded once and stored securely. It cannot be re-downloaded later.

• Do not open the file directly - it must be imported into the recipient’s tool (e.g., Power BI or pandas) using the appropriate connector.

• If the file is lost or compromised, rotate the token and generate a new credential.

Manage Tokens for a Data Share

Recipients tokens are created for Databricks open shares and can be rotate when required. Rotation helps maintain secure, time-limited access. You should rotate a recipient’s token and generate a new activation URL in the following circumstances:

• When the existing recipient token is about to expire or has expired

• If a recipient loses their activation URL or if it is compromised.

• If the credential is corrupted, lost, or compromised after it is downloaded by a recipient.

Only one token per recipient is active at a time

To rotate a token:

1. Go to My collection

2. Select My data shares

3. Select three dot menu next to the Data share and select Manage tokens. In this list, you can see current tokens, their status and expiration date.

4. Select Rotate tokens and enter when you wish for the current token to expire:

   1. Immediately

   2. After a specified amount of time

A new token will now be added to the Data share and can be activated by the user before it can be used to access data. The old token will stop working based on the specified expiration time.

Delete a Date Share

 Data shares can be deleted when they are not required anymore or have expired.

• Go to My Collection to select a specific Data Share

• Click on the three dot menu for a specific Data Share

• Select Delete and Confirm the deletion.

Deleting a Data Share removes access for any user that the data has been shared with.

FAQS and Troubleshooting

1. “I can’t find the Sharing Identifier in Databricks.”

The recipient must have Unity Catalog enabled. See Databricks Unity Catalog setup

2. “Metastore permissions error when creating a catalog.”

The recipient needs Metastore Admin or Catalog Creator permissions. Refer to Unity Catalog permissions

3. “Credential file won’t open.”

Save the .json file to your device and import it into the tool directly. Avoid opening it in a browser tab.

4. “How do updates to an Asset affect the share?”

Shared Assets are live views of the source Delta tables.

• Data changes are immediately available to the recipient.

• Schema changes (e.g., adding or removing columns) are also reflected, but the recipient may need to refresh their catalog or requery depending on the tool.

• Shares are read-only — recipients cannot edit the data or metadata.