Control access to feature tables in Workspace Feature Store (legacy)
This article describes how to control access to feature tables in workspaces that are not enabled for Unity Catalog. If your workspace is enabled for Unity Catalog, use Unity Catalog privileges instead.
You can configure Feature Store access control to grant fine-grained permissions on feature table metadata. You can control a user’s ability to view a feature table in the UI, edit its description, manage other users’ permissions on the table, and delete the table.
Note
Feature Store access control does not govern access to the underlying Delta table, which is governed by table access control.
You can assign three permission levels to feature table metadata: CAN VIEW METADATA, CAN EDIT METADATA, and CAN MANAGE. Any user can create a new feature table. The table lists the abilities for each permission.
Ability | CAN VIEW METADATA | CAN EDIT METADATA | CAN MANAGE |
---|---|---|---|
Read feature table | X | X | X |
Search feature table | X | X | X |
Publish feature table to online store | X | X | X |
Write features to feature table | X | X | |
Update description of feature table | X | X | |
Modify permissions on feature table | X | ||
Delete feature table | X |
By default, when a feature table is created:
- The creator has CAN MANAGE permission
- Workspace admins have CAN MANAGE permission
- Other users have NO PERMISSIONS
Configure permissions for a feature table
On the feature table page, click the arrow to the right of the name of the feature table and select Permissions. If you do not have CAN MANAGE permission for the feature table, you will not see this option.
Edit the permissions and click Save.
Configure permissions for all feature tables in Feature Store
Workspace administrators can use the Feature Store UI to set permission levels on all feature tables for specific users or groups.
Note
- A user with CAN MANAGE permission for the Feature Store can change Feature Store permissions for all other users.
- Permissions set from the feature store page also apply to all future feature tables.
On the feature store page, click Permissions. This button is only available for workspace administrators and users with CAN MANAGE permission for the Feature Store.
Edit the permissions and click Save.
Permissions set on the Feature Store page can only be removed from that page. On the feature table page, you can override settings from the Feature Store page to add permissions, but you cannot set more restrictive permissions.
When you navigate to a specific feature table page, permissions set from the feature store page are marked “Some permissions cannot be removed because they are inherited”.