Move from OSS to Enterprise¶
DataMuru OSS is the evaluation and open-core foundation. DataMuru Enterprise adds identity lifecycle, private provider extensions, richer import/adoption, multi-workspace operating controls, support, and commercial entitlement.
Recommended adoption path¶
- Install OSS in a sandbox and validate project structure.
- Connect one non-production workspace in
live-readonly. - Run import discovery and generate an import review suite.
- Review generated workspace, RBAC, taxonomy, and masking files with platform owners.
- Enable Enterprise features only after the target account and identity permissions are confirmed.
- Run
datamuru enterprise activation checkbefore connecting the project to a hosted control plane. - Move to
live-applyonly for targeted, reviewed resources.
Enterprise auth options¶
PAT auth remains useful for quick tests, but Enterprise pilots should prefer organization-approved auth:
provider:
cloud: azure
auth_type: databricks-cli
profile: enterprise-dev
execution_mode: live-readonly
sql_warehouse_id_env: DATABRICKS_SQL_WAREHOUSE_ID
DataMuru reads ~/.databrickscfg by default. You can override it with:
$env:DATABRICKS_CONFIG_FILE="<path-to-your-databrickscfg>"
$env:DATABRICKS_CONFIG_PROFILE="enterprise-dev"
For managed identity, SAML/SSO, OAuth M2M, and customer-specific token brokerage, use the Enterprise provider extension path. OSS exposes the configuration boundary; Enterprise owns the secure credential acquisition and policy controls.
Generate a brownfield review suite¶
Run this in a sandbox or read-only enterprise workspace:
datamuru import generate `
--config datamuru.yml `
--catalog existing_catalog `
--suite-out .\import-review
The suite includes:
| File | Purpose |
|---|---|
workspaces/imported-dev.yml |
Catalogs, schemas, principals, and memberships discovered from the workspace. |
governance/rbac.imported.yml |
Starter RBAC roles and assignments generated from live grants. |
governance/taxonomy.imported.yml |
Placeholder taxonomy for curation. |
governance/masking.imported.yml |
Placeholder masking policy hooks for review. |
Import generation does not mutate Databricks. It produces reviewable files that teams can copy into the main project after cleanup.
Enterprise validation checklist¶
datamuru doctorsucceeds with the approved auth method.datamuru enterprise activation checksucceeds before hosted control plane onboarding.- Account SCIM is available before testing managed users, groups, service principals, or group memberships.
- A SQL warehouse is configured before grant import or live ACL apply.
- Generated files do not contain system-owned catalogs, schemas, or groups
unless
--include-systemwas intentionally used. - State adoption uses explicit
--targetvalues and is reviewed before--auto-approve.
Snowflake migration note¶
Snowflake is now represented as a first-class provider for state-only planning and live-readonly database/schema discovery. Use OSS to inspect bounded Snowflake trial or sandbox inventory:
pip install "datamuru[snowflake]"
datamuru import discover --config datamuru.yml --catalog FINANCE
Live Snowflake apply, destroy, identity import, and grant import remain Enterprise-hardening work and should be tested with controlled credentials before production rollout.