Optionaloptions: CallOptionsCreates a new authentication provider minimally based on a name and authentication type. The caller must be an admin on the metastore.
Optionaloptions: CallOptionsCreates a new recipient with the delta sharing authentication type in the metastore. The caller must be a metastore admin or have the CREATE_RECIPIENT privilege on the metastore.
Optionaloptions: CallOptionsCreates a new share for data objects. Data objects can be added after creation with update. The caller must be a metastore admin or have the CREATE_SHARE privilege on the metastore.
Optionaloptions: CallOptionsDeletes an existing federation policy for an OIDC_FEDERATION recipient. The caller must be the owner of the recipient.
Optionaloptions: CallOptionsDeletes an authentication provider, if the caller is a metastore admin or is the owner of the provider.
Optionaloptions: CallOptionsDeletes the specified recipient from the metastore. The caller must be the owner of the recipient.
Optionaloptions: CallOptionsDeletes a data object share from the metastore. The caller must be an owner of the share.
Optionaloptions: CallOptionsGets an activation URL for a share.
Optionaloptions: CallOptionsReads an existing federation policy for an OIDC_FEDERATION recipient for sharing data from
Optionaloptions: CallOptionsGets a specific authentication provider. The caller must supply the name of the provider, and must either be a metastore admin or the owner of the provider.
Optionaloptions: CallOptionsGets a share recipient from the metastore. The caller must be one of:
Optionaloptions: CallOptionsGets a data object share from the metastore. The caller must have the USE_SHARE privilege on the metastore or be the owner of the share.
Optionaloptions: CallOptionsLists federation policies for an OIDC_FEDERATION recipient for sharing data from
Optionaloptions: CallOptionsOptionaloptions: CallOptionsGets an array of available authentication providers. The caller must either be a metastore admin, have the USE_PROVIDER privilege on the providers, or be the owner of the providers. Providers not owned by the caller and for which the caller does not have the USE_PROVIDER privilege are not included in the response. There is no guarantee of a specific ordering of the elements in the array.
Optionaloptions: CallOptionsGet arrays of assets associated with a specified provider's share. The caller is the recipient of the share.
Optionaloptions: CallOptionsGets an array of a specified provider's shares within the metastore where:
Optionaloptions: CallOptionsOptionaloptions: CallOptionsOptionaloptions: CallOptionsGets an array of all share recipients within the current metastore where:
Optionaloptions: CallOptionsGets the share permissions for the specified Recipient. The caller must have the USE_RECIPIENT privilege on the metastore or be the owner of the Recipient.
Optionaloptions: CallOptionsOptionaloptions: CallOptionsGets the permissions for a data share from the metastore. The caller must have the USE_SHARE privilege on the metastore or be the owner of the share.
Optionaloptions: CallOptionsGets an array of data object shares from the metastore. If the caller has the USE_SHARE privilege on the metastore, all shares are returned. Otherwise, only shares owned by the caller are returned. There is no guarantee of a specific ordering of the elements in the array.
Optionaloptions: CallOptionsOptionaloptions: CallOptionsRetrieve access token with an activation url. This is a public API without any authentication.
Optionaloptions: CallOptionsRefreshes the specified recipient's delta sharing authentication token with the provided token info. The caller must be the owner of the recipient.
Optionaloptions: CallOptionsUpdates the information for an authentication provider, if the caller is a metastore admin or is the owner of the provider. If the update changes the provider name, the caller must be both a metastore admin and the owner of the provider.
Optionaloptions: CallOptionsUpdates an existing recipient in the metastore. The caller must be a metastore admin or the owner of the recipient. If the recipient name will be updated, the user must be both a metastore admin and the owner of the recipient.
Optionaloptions: CallOptionsUpdates the share with the changes and data objects in the request. The caller must be the owner of the share or a metastore admin.
When the caller is a metastore admin, only the owner field can be updated.
In the case the share name is changed, updateShare requires that the caller is the owner of the share and has the CREATE_SHARE privilege.
If there are notebook files in the share, the storage_root field cannot be updated.
For each table that is added through this method, the share owner must also have SELECT privilege on the table. This privilege must be maintained indefinitely for recipients to be able to access the table. Typically, you should use a group as the share owner.
Table removals through update do not require additional privileges.
Optionaloptions: CallOptionsUpdates the permissions for a data share in the metastore. The caller must have both the USE_SHARE and SET_SHARE_PERMISSION privileges on the metastore, or be the owner of the share.
For new recipient grants, the user must also be the owner of the recipients. recipient revocations do not require additional privileges.
Optionaloptions: CallOptions
Create a federation policy for an OIDC_FEDERATION recipient for sharing data from to non- recipients.
The caller must be the owner of the recipient.
When sharing data from to non- clients,
you can define a federation policy to authenticate non- recipients.
The federation policy validates OIDC claims in federated tokens and is defined at the recipient level.
This enables secretless sharing clients to authenticate using OIDC tokens.
Supported scenarios for federation policies:
For an overview, refer to:
For detailed configuration guides based on your use case: