From b7a40a77779e0e536793dede9c3c7598a658b295 Mon Sep 17 00:00:00 2001
From: Elazar Lachkar <elazar098@gmail.com>
Date: Thu, 23 Apr 2026 17:23:21 +0300
Subject: [PATCH 1/2] DBX: Reorder storage access options; Marked legacy

---
 .../databricks_permissions_and_security.mdx   | 55 ++++++++++---------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx b/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx
index 51a5401e1..33996e6d4 100644
--- a/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx
+++ b/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx
@@ -46,31 +46,7 @@ GRANT SELECT ON TABLE system.billing.list_prices TO `<service_principal_app_id>`
 Elementary requires access to the table history in order to enable automated monitors such as volume and freshness monitors.
 You can configure this in one of the following ways:
 
-#### Option 1: Fetch history using `DESCRIBE HISTORY`
-
-Elementary can fetch the table history by running `DESCRIBE HISTORY` queries on your Databricks warehouse.
-In the Elementary UI, choose **None** under **Storage access method**.
-
-This require granting SELECT access on your tables. This is a Databricks limitation - Elementary **never** reads any data from your tables, only metadata. However, there isn't 
-today any table-level metadata-only permission available in Databricks, so SELECT is required.
-
-To grant the access, use the following SQL statements:
-
-```sql
-GRANT USE CATALOG, USE SCHEMA, SELECT ON catalog <catalog> to `<service_principal_app_id>`;
-```
-
-
-#### Option 2: Credentials vending
-
-Elementary can access the storage using temporary credentials issued by Databricks through [credential vending](https://docs.databricks.com/aws/en/external-access/credential-vending).
-In the Elementary UI, choose **Credentials vending** under **Storage access method**.
-
-This requires granting `EXTERNAL USE SCHEMA` on the relevant schemas.
-
-When using this option, Elementary does not read the table data itself. It only reads the Delta transaction log, which contains metadata about the transactions.
-
-#### Option 3: Direct storage access
+#### Option 1: Direct storage access
 
 Elementary can access the storage directly using credentials that you configure.
 In the Elementary UI, choose **Direct storage access** under **Storage access method**.
@@ -135,3 +111,32 @@ After choosing **Direct storage access**, select **Secret access key** under **S
 2. Enable programmatic access.
 3. Attach the same read-only S3 policy shown above.
 4. Provide the AWS access key ID and secret access key in the Elementary UI.
+
+
+#### Option 2: Credentials vending
+
+Elementary can access the storage using temporary credentials issued by Databricks through [credential vending](https://docs.databricks.com/aws/en/external-access/credential-vending).
+In the Elementary UI, choose **Credentials vending** under **Storage access method**.
+
+This requires granting `EXTERNAL USE SCHEMA` on the relevant schemas.
+
+When using this option, Elementary does not read the table data itself. It only reads the Delta transaction log, which contains metadata about the transactions.
+
+
+#### Option 3: Fetch history using `DESCRIBE HISTORY` - **Legacy**
+
+Elementary can fetch the table history by running `DESCRIBE HISTORY` queries on your Databricks warehouse.
+In the Elementary UI, choose **None** under **Storage access method**.
+
+This require granting SELECT access on your tables. This is a Databricks limitation - Elementary **never** reads any data from your tables, only metadata. However, there isn't 
+today any table-level metadata-only permission available in Databricks, so SELECT is required.
+
+To grant the access, use the following SQL statements:
+
+```sql
+GRANT USE CATALOG, USE SCHEMA, SELECT ON catalog <catalog> to `<service_principal_app_id>`;
+```
+
+<Warning>
+This option is the least recommended, as it reuqires SELECT access and causes higher compute cost.
+</Warning>

From 4eab9ed7d1907c8a1ecbc675cfa58450622e0687 Mon Sep 17 00:00:00 2001
From: Elazar Lachkar <elazar098@gmail.com>
Date: Sun, 26 Apr 2026 13:54:58 +0300
Subject: [PATCH 2/2] Replaced warning message

---
 .../dwh/databricks/databricks_permissions_and_security.mdx    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx b/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx
index 33996e6d4..84db579ff 100644
--- a/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx
+++ b/docs/snippets/dwh/databricks/databricks_permissions_and_security.mdx
@@ -123,7 +123,7 @@ This requires granting `EXTERNAL USE SCHEMA` on the relevant schemas.
 When using this option, Elementary does not read the table data itself. It only reads the Delta transaction log, which contains metadata about the transactions.
 
 
-#### Option 3: Fetch history using `DESCRIBE HISTORY` - **Legacy**
+#### Option 3: Fetch history using `DESCRIBE HISTORY` - **DEPRECATED**
 
 Elementary can fetch the table history by running `DESCRIBE HISTORY` queries on your Databricks warehouse.
 In the Elementary UI, choose **None** under **Storage access method**.
@@ -138,5 +138,5 @@ GRANT USE CATALOG, USE SCHEMA, SELECT ON catalog <catalog> to `<service_principa
 ```
 
 <Warning>
-This option is the least recommended, as it reuqires SELECT access and causes higher compute cost.
+This option is deprecated, and will soon be removed.
 </Warning>