🔒 Unity Catalog Authorization

Row Filters

How Unity Catalog automatically filters which rows each user can see, based on their identity.

📖 Row Filters & Column Masks Documentation
↓ Scroll to explore the flow
1

User Queries Table

Alice runs a query: SELECT * FROM sales_data

She wants to see sales records, but the table contains data from all sales reps.

2

All Data Exists

The table contains records owned by Alice, Bob, and Carol.

Without row filters, Alice would see everyone's data — a security problem!

3

Row Filter Evaluates

Unity Catalog applies the row filter function:

WHERE owner = current_user()

For Alice, this becomes: WHERE owner = 'alice@company.com'

4

Non-Matching Rows Hidden

Bob's and Carol's rows fail the filter — they simply don't exist in Alice's results.

Alice never knows these rows exist. She sees a complete-looking dataset.

5

Alice Sees Her Data

Alice receives only her rows. Same query, different user, different results.

If Bob runs the same query, he sees only his rows. Zero code changes needed.

👤
Alice
alice@company.com
📝
SELECT *
FROM sales_data
🔍
Row Filter
owner = current_user()
📊
sales_data
All records
👤 Alice | $50,000 | Q4
👤 Bob | $30,000 | Q4
👤 Alice | $25,000 | Q3
👤 Carol | $45,000 | Q4
👤 Bob | $20,000 | Q3
👤 Alice | $15,000 | Q3
Alice's Results
3 rows returned

Key Takeaways

🔍 Automatic Filtering

Row filters are applied automatically by UC — no app code changes needed.

👤 User-Specific Results

Same query returns different data based on who's asking.

🔒 Invisible Rows

Users don't know filtered rows exist — complete isolation.

⚡ current_user() Magic

UC function returns the authenticated user's identity automatically.

← Back to AI Governance 📄 View Full Docs on GitHub