🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided DP-750 Domain 2
Domain 2 — Module 3 of 5 60%
8 of 28 overall

DP-750 Study Guide

Domain 1: Set Up and Configure an Azure Databricks Environment

  • Azure Databricks: Your Lakehouse Platform Free
  • Choosing the Right Compute Free
  • Configuring Compute for Performance Free
  • Unity Catalog: The Three-Level Namespace Free
  • Tables, Views & External Catalogs Free

Domain 2: Secure and Govern Unity Catalog Objects

  • Securing Unity Catalog: Who Gets What
  • Secrets & Authentication
  • Data Discovery & Attribute-Based Access
  • Row Filters, Column Masks & Retention
  • Lineage, Audit Logs & Delta Sharing

Domain 3: Prepare and Process Data

  • Data Modeling: Ingestion Design Free
  • SCD, Granularity & Temporal Tables
  • Partitioning, Clustering & Table Optimization
  • Ingesting Data: Lakeflow Connect & Notebooks
  • Ingesting Data: SQL Methods & CDC
  • Streaming Ingestion: Structured Streaming & Event Hubs
  • Auto Loader & Declarative Pipelines
  • Cleansing & Profiling Data Free
  • Transforming & Loading Data
  • Data Quality & Schema Enforcement

Domain 4: Deploy and Maintain Data Pipelines and Workloads

  • Building Data Pipelines Free
  • Lakeflow Jobs: Create & Configure
  • Lakeflow Jobs: Schedule, Alerts & Recovery
  • Git & Version Control
  • Testing & Databricks Asset Bundles
  • Monitoring Clusters & Troubleshooting
  • Spark Performance: DAG & Query Profile
  • Optimizing Delta Tables & Azure Monitor

DP-750 Study Guide

Domain 1: Set Up and Configure an Azure Databricks Environment

  • Azure Databricks: Your Lakehouse Platform Free
  • Choosing the Right Compute Free
  • Configuring Compute for Performance Free
  • Unity Catalog: The Three-Level Namespace Free
  • Tables, Views & External Catalogs Free

Domain 2: Secure and Govern Unity Catalog Objects

  • Securing Unity Catalog: Who Gets What
  • Secrets & Authentication
  • Data Discovery & Attribute-Based Access
  • Row Filters, Column Masks & Retention
  • Lineage, Audit Logs & Delta Sharing

Domain 3: Prepare and Process Data

  • Data Modeling: Ingestion Design Free
  • SCD, Granularity & Temporal Tables
  • Partitioning, Clustering & Table Optimization
  • Ingesting Data: Lakeflow Connect & Notebooks
  • Ingesting Data: SQL Methods & CDC
  • Streaming Ingestion: Structured Streaming & Event Hubs
  • Auto Loader & Declarative Pipelines
  • Cleansing & Profiling Data Free
  • Transforming & Loading Data
  • Data Quality & Schema Enforcement

Domain 4: Deploy and Maintain Data Pipelines and Workloads

  • Building Data Pipelines Free
  • Lakeflow Jobs: Create & Configure
  • Lakeflow Jobs: Schedule, Alerts & Recovery
  • Git & Version Control
  • Testing & Databricks Asset Bundles
  • Monitoring Clusters & Troubleshooting
  • Spark Performance: DAG & Query Profile
  • Optimizing Delta Tables & Azure Monitor
Domain 2: Secure and Govern Unity Catalog Objects Premium ⏱ ~12 min read

Data Discovery & Attribute-Based Access

Make data findable with descriptions and tags, then control access with attribute-based policies (ABAC) — a modern approach to governance at scale.

Why data discovery matters

☕ Simple explanation

Imagine a library with no card catalogue.

You have 10,000 books (tables) across 50 shelves (schemas). Without a catalogue telling you what each book contains, you’d spend hours wandering the shelves. That’s what a lakehouse without descriptions feels like.

Data discovery means making every table and column self-describing — so analysts can find what they need without asking the data engineer. Tags take this further by categorising data (e.g., “contains PII,” “finance team only”) so security policies can apply automatically.

Unity Catalog supports rich metadata for data discovery: table descriptions, column descriptions, and tags. This metadata powers Catalog Explorer search, AI/BI Genie, and enables attribute-based access control (ABAC) — a governance model where access decisions are driven by data attributes (tags) rather than explicit per-table grants.

ABAC scales better than traditional access control because you define policies against tags, and any table tagged with that attribute automatically gets the policy applied.

Descriptions for data discovery

Table and column descriptions

-- Add a table description
COMMENT ON TABLE prod_sales.curated.daily_revenue
  IS 'Daily revenue aggregated by region and product category. Source: POS system. Refreshed nightly at 3 AM NZST. Owner: data-engineering team.';

-- Add column descriptions
COMMENT ON COLUMN prod_sales.curated.daily_revenue.region
  IS 'Business region code: APAC, EMEA, Americas. Maps to dim_region.region_code.';

COMMENT ON COLUMN prod_sales.curated.daily_revenue.revenue
  IS 'Total revenue in USD. Excludes taxes and returns. Decimal(12,2).';

Good descriptions answer: What is this data? Where does it come from? How often is it refreshed? Who owns it?

Ravi documents every table at DataPulse Analytics so new team members can self-serve. When they search in Catalog Explorer, descriptions appear in search results.

Best practices for descriptions

ElementWhat to IncludeExample
Table descriptionPurpose, source system, refresh schedule, owner”Customer dim from CRM, daily refresh, owned by data-eng”
Column descriptionBusiness meaning, allowed values, unit, foreign key”ISO currency code (USD, EUR, GBP). FK to dim_currency.”
Schema descriptionWhat data lives here, who uses it”Gold layer: business aggregates for BI team consumption”

Tags in Unity Catalog

Tags are key-value pairs attached to Unity Catalog objects. They enable classification and policy enforcement:

-- Tag a table as containing PII
ALTER TABLE prod_sales.curated.customers
  SET TAGS ('data_classification' = 'pii', 'retention_years' = '7');

-- Tag a column as containing sensitive data
ALTER TABLE prod_sales.curated.customers
  ALTER COLUMN email SET TAGS ('sensitivity' = 'high');

-- Tag a schema
ALTER SCHEMA prod_sales.raw
  SET TAGS ('environment' = 'production', 'team' = 'data-engineering');

-- View tags
SELECT * FROM system.information_schema.table_tags
WHERE schema_name = 'curated';

Mei Lin uses tags at Freshmart to classify every table by sensitivity level and regulatory domain.

Attribute-Based Access Control (ABAC)

ABAC is the next evolution of access control. Instead of granting access table-by-table, you define policies based on tags:

Traditional (Per-Object)ABAC (Tag-Based)
GRANT SELECT on table_a TO analystsIF tag data_classification = ‘public’ THEN GRANT SELECT TO analysts
GRANT SELECT on table_b TO analystsNew public tables automatically accessible
Must update every new tablePolicy applies to ALL tagged tables

How ABAC works in Unity Catalog

  1. Tag your objects — classify tables, columns, schemas with meaningful tags
  2. Create tag-based policies — define rules that reference tags
  3. Automatic enforcement — any object matching the tag gets the policy applied
-- Example: tag-based policy concept
-- "Any table tagged data_classification=pii requires the pii-readers group"
-- "Any column tagged sensitivity=high must be masked for non-admin users"
💡 Exam tip: ABAC vs. traditional GRANT

The exam may present scenarios where you choose between:

  • Traditional GRANTs — best for small-scale, specific table permissions
  • ABAC with tags — best for large-scale governance where you have hundreds of tables and need consistent policy enforcement

If the question mentions “at scale,” “automatically apply to new tables,” or “policy-driven governance” — ABAC is the answer.

Question

What is attribute-based access control (ABAC) in Unity Catalog?

Click or press Enter to reveal answer

Answer

ABAC uses tags (key-value pairs) on data objects to drive access policies. Instead of granting access table-by-table, you define policies based on tag values (e.g., 'all PII-tagged tables require the pii-readers group'). Scales better than per-object grants.

Click to flip back
Question

What should a good table description include?

Click or press Enter to reveal answer

Answer

Purpose (what the data represents), source system, refresh schedule, data owner, and any important caveats. This enables data discovery via Catalog Explorer and AI/BI Genie.

Click to flip back
Question

How do tags differ from descriptions in Unity Catalog?

Click or press Enter to reveal answer

Answer

Descriptions are free-text documentation for humans. Tags are structured key-value pairs that enable automated policy enforcement (ABAC), classification, and programmatic data governance.

Click to flip back

🎬 Video coming soon

Knowledge check

Knowledge Check

Mei Lin manages 500+ tables across Freshmart's lakehouse. She needs to ensure that any table containing customer PII is automatically restricted to the 'pii-readers' group — including new tables added in the future. Which approach scales best?
Knowledge Check

Ravi joins DataPulse Analytics and needs to find tables related to customer segmentation. He searches Catalog Explorer but finds no useful results — table names like 'tbl_cs_v3' and 'staging_202603' are meaningless. What should the data engineering team do?

Next up: Row Filters, Column Masks & Retention — dynamic data masking and data retention policies.

← Previous

Secrets & Authentication

Next →

Row Filters, Column Masks & Retention

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.