1. A data engineer needs to audit which users accessed a specific Unity Catalog table over the past 7 days. They want to query this information programmatically using SQL inside a Databricks notebook. Which is the correct approach?
- A. Query the `system.access.audit` table in the Unity Catalog system schema, filtering by event_type and table name.✓ Correct
- B. Run DESCRIBE HISTORY on the target table — it contains user access records in addition to write operations.
- C. Use the Databricks REST API endpoint /api/2.0/unity-catalog/audit-logs to retrieve access events.
- D. Enable Spark event logging on the cluster and parse the Spark UI event log files stored in DBFS.
Explanation
Unity Catalog exposes audit log data through the system schema — specifically the `system.access.audit` table — which can be queried with SQL to see who accessed which objects and when. This is the correct, SQL-native approach for programmatic audit querying inside a notebook. Option B is incorrect: DESCRIBE HISTORY on a Delta table shows DML/DDL operation history (writes, schema changes, etc.) and does not record read access events. Option C references a REST API endpoint that does not exist in the Databricks API surface for Unity Catalog audit data. Option D describes cluster-level Spark event logs, which capture Spark job execution details — not Unity Catalog table-level access auditing.