Catalog
Last updated:2026-02-05 11:18:21
Overview
Note:
When a user binds the DLC engine on WeData and the DLC engine has TCLake enabled, the asset catalog will convert to the Catalog webpage.
Catalog is a unified data governance solution provided by WeData, designed to incorporate structured and unstructured data in various formats into uniform management, while simultaneously supporting fine-grained management of AI assets such as machine learning models. It features built-in multimodal unified data directory and uniform permission management, offering core capabilities including change, lineage, data quality, and access log.
In Catalog, metadata is designed and managed in a three-tier structure: Catalog-Schema-Table/View/Function/Model/Volume.
Layer 1 Catalog: The top-level namespace aligned with major organizational constructs such as business units, teams, projects, or enterprise business domains. It provides the primary boundary for data ownership, governance, and access control..
Layer 2 Schema: Within a catalog, schemas serve as a secondary level of organization, used to further structure data assets by dimensions such as functional modules, subsystems, or specific data domains. This layered approach improves governance clarity, logical separation of data, and scalability of the overall data architecture..
Layer 3 data objects: Data/AI objects, such as tables and models:
tables
views
Volumes (unstructured / semi-structured data)
functions (functions, UDF)
models (AI/ML models) - use MLflow for registration and incorporate into governance system
Feature Description
Catalog provides a whole set of features for data governance, covering permission, governance, lineage, access record, and change log. It is reflected in the following three-tier structure.
1. Catalog Layer
At the Catalog level, it is currently divided into Data Catalog, Model Catalog, and Volume Catalog. The Data Catalog supports managing entity objects such as table/view/function, the Model Catalog supports managing the model entity object, and the Volume Catalog supports managing the volume entity object.
Click the catalog name on the left to enter the Catalog overview page. It shows the catalog's description, schema list information, basic information and technical information. When a user creates a new Catalog, it will automatically create default schemas: default and information_schema, for quick management on schemas and data objects.
Basic information: shows tags and owners, and supports editing.
Technical information: shows creation time, creator, and data modification time.
Permission: supports permission control for Catalog. Refer to the Catalog permission part for details.
2. Schema Layer
At the Schema level, different types of schemas are created based on the Catalog type, such as data schema, model schema, and volume schema. However, the display information is basically the same: it shows the schema description and basic information of data objects under the schema, such as table name, description, and creation time. The right side displays basic information and technical information of the Schema.
3. Entity Object Layer
At layer 3 entity object, different data objects show detailed information that varies, mainly divided into:
3.1 Data Table
The data table shows various metadata information, mainly including Overview, Permissions, Generate and Update, Lineage, Data quality, Access log and Note (for detailed description of "Lineage", "Generate and Update", "Data Quality", "Access log", "Note", refer to data discovery>table detail content). The following is an introduction to each Tab page:
Overview page: Shows table description and basic metadata information of table fields. On the right, display basic information and technical information. In technical information, you can check the data source type, database, and associated data source belonging to the table, trace the table source, view the storage path and most recent DDL change time, and understand the table's metadata modification time and storage situation.
Lineage: Shows the lineage of data tables and the complete data flow chain, including data/model source, destination, and associated tasks.
Generate and Update: The Output page records data output task details, showing task ID, which time it was executed, scheduled dispatch time, start time, output time, execution time, and production time consumption, to learn about the basic situation of output tasks. The Changes page displays metadata change records, recording user metadata changes performed in the most recent 30 days.
Data quality: Data quality provides quality monitoring rules for data table configuration and a quality overview of the table data dashboard. For detailed operation instructions, see data quality in Data Discovery>Table Detail.
Access log: Captures user interactions with data tables within WeData, enabling visibility into who accessed a given table, when the access occurred, the type of access performed, the associated task ID, and the number of times that task was executed.
Note: Supports users to supplement entity objects, primarily used for the business side to add business information to entity objects.
Permissions: Supports authorization and revocation of privileges for table class objects. Refer to the Catalog permission part for details.
3.2 Model
The details page of the model is divided into the Overview page and Permissions page. On the Overview page, it centrally displays the basic information of the model, such as description, model version, deployment state, alias tag, etc., and simultaneously supports deployment and deletion operations in the Catalog module. It supports clicking on a specific model version to view the lineage information of that version. For permission information, refer to the Catalog permission part.
3.3 Volume
The details of the Volume show the description of the volume, file details (creation time, size, owner, etc.), support creating folders, and support file upload, preview (currently supported formats: CSV, TEXT, and PDF), and download. At the same time, the volume is incorporated into unified permission management. For permission details, refer to the Catalog Permission section. On the right side of the page, the basic info and technical information of the volume are displayed, making it easy to view and modify the responsible person and tags of the volume, and learn about the creation time and creator.
Catalog Permissions
Catalog Permissions is a permission model that determines who can access or manage objects in the three layers: Catalog-Schema-Table/View/Volume/Function.
Permission Principles and Concepts
Overall principles: By using Catalog as the data security boundary, implementing a hierarchical namespace permission model, and distinguishing between discovery and access privileges, a controlled, expandable, and least-privilege-compliant data governance system is achieved.
Principle 1: Implement a Hierarchical Permission Validation Model
Access control is enforced hierarchically across the catalog → schema → table/view/model/volume/function levels. Object access is validated top-down through each layer, and permission denial at any level results in access being blocked.
For example, to access a table, you must have USE CATALOG, USE SCHEMA, and SELECT TABLE permissions for the changes to take effect. The select permission alone is not allowed.
USE CATALOG itself does not mean you can view data, perform table lookup, or manipulate tables. It is not a data permission, merely a context or application scope permission. However, to perform any operation on objects (schema/table/view/volume) in the catalog, you must have USE CATALOG first.
Principle 2: Owner Responsibility Model
The Owner possesses full administrative privileges for the objects, but their permissions are still bound by the upper governance boundary and do not form a global privilege.
For example: for the schema owner permission to take effect, you must have the use permission for the parent catalog for the owner permission to take effect.
Principle 3: Principle of Least Privilege
The system follows a default-deny security model, where access is blocked unless explicitly granted. Permissions are opened only through deliberate authorization, preventing implicit inheritance or automatic approval.
For example, when granting SELECT permission on a table, the system will indicate that USE CATALOG and USE SCHEMA permissions are also required. However, these prerequisite permissions are not granted automatically and must be assigned explicitly.
Principle 4: Discovery ≠ Usage
Data should be visible, but its usage should be strictly limited.
For example:
BROWSE: See object existence
USE CATALOG: Enter and use the actual catalog.
Roles and Permissions Description
The Wedata platform defines the asset administrator role, which has management and read/write permissions for all entity objects such as catalog-schema-table in the Catalog.
Additionally, the Catalog defines privilege and object ownership, performing fine-grained permission control at three levels as follows:
Object ownership:
Each entity object (catalog/schema/table/view/volume/function/model) in Catalog has an owner. The owner possesses complete control over the object, including modification, authorization, transfer, and metadata management, while simultaneously supporting authorization and permission revocation.
Permission list: The authorization entity can grant user permissions related to the permission list:
Resource type | Privileges | Privilege Objects | Dependent Privileges | Privileges Description |
MetaLake | create catalog | MetaLake | - | Grant the permission to create a data catalog |
Catalog | use catalog | Catalog | - | Grant the permission to use a data catalog |
| alter catalog | Catalog | use catalog | Grant the permission to modify a data catalog |
| drop catalog | Catalog | use catalog | Grant the permission to delete a data catalog |
| create schema | Catalog | use catalog | Grant the permission to create a Schema |
| browse | Catalog | - | Grant the permission to view metadata objects in a data catalog |
| grant | Catalog | - | Grant the permission to manage metadata objects |
| all privileges | Catalog | - | Grant all permissions on the current object |
Schema | use schema | Catalog,Schema | use catalog | Grant the permission to use a Schema |
| alter schema | Catalog,Schema | use catalog,use schema | Grant the permission to modify a Schema |
| drop schema | Catalog,Schema | use catalog,use schema | Grant the permission to delete a Schema |
| create table | Catalog,Schema | use catalog,use schema | Grant the permission to create tables or views |
| create function | Catalog,Schema | use catalog,use schema | Grant the permission to create functions |
| create volume | Catalog,Schema | use catalog,use schema | Grant the permission to create file volumes |
| create model | Catalog,Schema | use catalog,use schema | Grant the permission to create models |
| grant | Schema | use catalog | Grant the permission to manage metadata objects |
| all privileges | schema | use catalog | Grant all permissions on the current object |
Table | select table | Catalog,Schema,Table | use catalog,use schema | Grant the permission to query tables or views |
| alter table | Catalog,Schema,Table | use catalog,use schema | Grant the permission to alter table or view metadata |
| drop table | Catalog,Schema,Table | use catalog,use schema | Grant the permission to drop tables or views |
| insert table | Catalog,Schema,Table | use catalog,use schema | Grant the permission to insert table data |
| delete table | Catalog,Schema,Table | use catalog,use schema | Grant the permission to delete table data |
| grant | Table | use catalog,use schema | Grant the permission to manage metadata objects |
| all privileges | Table | use catalog,use schema | Grant all permissions on the current object |
Function | use function | Catalog,Schema,Function | use catalog,use schema | Grant the permission to use functions |
| alter function | Catalog,Schema,Function | use catalog,use schema | Grant the permission to modify functions |
| drop function | Catalog,Schema,Function | use catalog,use schema | Grant the permission to delete functions |
| grant | Function | use catalog,use schema | Grant the permission to manage metadata objects |
| all privileges | Function | use catalog,use schema | Grant all permissions on the current object |
Volume | read volume | Catalog,Schema,Volume | use catalog,use schema | Grant the permission to read file volumes |
| write volume | Catalog,Schema,Volume | use catalog,use schema | Grant the permission to write to file volumes |
| alter volume | Catalog,Schema,Volume | use catalog,use schema | Grant the permission to modify file volumes |
| drop volume | Catalog,Schema,Volume | use catalog,use schema | Grant the permission to delete file volumes |
| grant | Volume | use catalog,use schema | Grant the permission to manage metadata objects |
| all privileges | Volume | use catalog,use schema | Grant all permissions on the current object |
Model | use model | Catalog,Schema,Model | use catalog,use schema | Grant the permission to use models |
| alter model | Catalog,Schema,Model | use catalog,use schema | Grant the permission to modify models |
| drop model | Catalog,Schema,Model | use catalog,use schema | Grant the permission to delete models |
| create model version | Catalog,Schema,Model | use catalog,use schema | Grant the permission to create model versions |
| grant | Model | use catalog,use schema | Grant the permission to manage metadata objects |
| all privileges | Model | use catalog,use schema | Grant all permissions on the current object |
Quick Start
1. Create Catalog and Authorize
When a user uses Catalog for the first time, it is required to create catalogs at first and then grant more privileges to other users to perform further operation.
1.1 Preparation
The asset administrator of WeData has management permissions for the data governance module, possesses the permission to create catalog, and can grant the CREATE CATALOG permission to other users. Before creating a Catalog, users are advised to be asset administrators or have already been granted the "create catalog" permission. Specific operations are as follows:
1. On the WeData homepage, click on the left User Management to assign the "asset administrator" role to the corresponding user.
2. Asset administrators can click create data catalogs on the Catalog webpage to perform catalog creation.
Or on the "Permission" tab of the Catalog homepage, click Authorize to grant the "create catalog" permission to appropriate project members or users:
3. Enter the authorization page, select project or user, and grant CREATE CATALOG privilege.
1.2 Create Catalog
After obtaining the permission to create catalog, you can click Create Data Catalogs in the upper right corner of the Catalog homepage to perform catalog creation.
Based on the data type, select the corresponding type of catalog, name it, and provide a description.
1.3 Authorization
1. After creating a catalog, the creator automatically becomes the owner of the catalog. The owner can grant different privileges to related users on the catalog's authorization page, such as USE CATALOG, USE SCHEMA, and SELECT TABLE privileges.
2. Grant USE CATALOG, USE SCHEMA, and SELECT TABLE permissions.
1.4 Usage Scenario
The catalog layer is typically the highest-level data asset partition, representing data ownership and governance responsibility. Enterprises can create multiple catalogs based on different departments or business domains to integrate data and business, and manage them with permissions. For example, enterprises can create catalogs representing different businesses such as e-commerce business, logistics management, marketing management, risk management, and financial management.
Allocate different catalog permissions such as Browse, USE CATALOG, and ALTER CATALOG based on business domains. You can also transfer catalog owner of different business domains to the corresponding responsible person to clarify governance responsibility.
2. Create Schema and Other Data Objects
2.1 Create Schema
After creating a Catalog, users with permissions to create a schema and use Catalog permission for the parent Catalog can create a schema on the Catalog page. Of course, the Catalog owner also has permission to create a schema.
2.2 Create Data Objects Such As Data Tables
Tables within a schema can be created either through a DLC data source or directly in WeData using statements such as CREATE TABLE. Models can be created within the Model module. Volumes can be created under a schema within a catalog, with support for file upload, download, and preview operations.
2.3 Usage Scenario
At the Schema layer, you can divide different schemas by "data processing stage or data topic". For example, under the "e-commerce business" Catalog, you can create multiple schemas by data processing stage:
Schema Name | Meaning | Data Source | Audience |
ods | raw data layer | Direct from RUM business system / logs / Kafka | data engineer |
dwd | detail standard layer | Cleaned, structured factual data | data analyst |
dws | Topic summary layer | Topic wide table, mild aggregation | BI, Operation |
ads | Application Data Layer | Report/metrics/tag results | Business personnel, product |
feature | Feature Layer | Machine Learning feature | algorithm engineer |
Different schemas can manage multiple data tables or multiple models and model versions.
Then assign different schemas to different target audiences with corresponding permission combinations. For example, for BI and operators, assign permissions such as USE CATALOG, USE SCHEMA, SELECT TABLE, and ALTER TABLE to meet their business analysis requirements.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback