{"id":47686301,"url":"https://github.com/databricks-solutions/genierails","last_synced_at":"2026-04-09T05:03:00.408Z","repository":{"id":346922756,"uuid":"1191230261","full_name":"databricks-solutions/genierails","owner":"databricks-solutions","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-02T13:52:55.000Z","size":733,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-03T02:23:37.214Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/databricks-solutions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS.txt","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.md","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-25T03:23:58.000Z","updated_at":"2026-04-02T13:11:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/databricks-solutions/genierails","commit_stats":null,"previous_names":["databricks-solutions/genierails"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/databricks-solutions/genierails","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks-solutions%2Fgenierails","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks-solutions%2Fgenierails/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks-solutions%2Fgenierails/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks-solutions%2Fgenierails/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/databricks-solutions","download_url":"https://codeload.github.com/databricks-solutions/genierails/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks-solutions%2Fgenierails/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31586412,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"online","status_checked_at":"2026-04-09T02:00:06.848Z","response_time":112,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-02T14:51:33.967Z","updated_at":"2026-04-09T05:03:00.397Z","avatar_url":"https://github.com/databricks-solutions.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"shared/docs/genierails-logo.png\" alt=\"GenieRails\" width=\"500\"\u003e\n\u003c/p\u003e\n\n# GenieRails\n\nPut Genie onboarding on rails — with built-in guardrails. Point GenieRails at your tables, and it generates everything you need to run a governed Genie Space: groups, tag policies, column masks, row filters, ACLs, entitlements, and the Space itself. No Terraform to write.\n\n## What you get\n\n- **Role-based groups** — e.g. `Finance_Analyst`, `Compliance_Officer`, each with tailored data access\n- **Tag-based governance** — Unity Catalog tag policies that classify sensitive columns (PII, PCI, PHI)\n- **Column masking** — AI-generated SQL UDFs that mask sensitive data (SSN, credit cards, emails) per group\n- **Row-level security** — filter rows by region, department, compliance scope, or any business dimension\n- **Consumer entitlements** — workspace consume access granted to each group automatically\n- **Per-space Genie ACLs** — `CAN_RUN` permissions scoped per space, so each group only accesses the spaces it needs\n- **Genie Space as code** — instructions, benchmarks, SQL measures, all version-controlled\n- **Dev → prod promotion** — one command to replicate governance to production with catalog remapping\n\n## Getting Started\n\nCheck the [Prerequisites](shared/docs/prerequisites.md) first (Python, Terraform, Databricks account setup), then pick your cloud:\n\n| My workspace is on... | Start here |\n| --- | --- |\n| AWS   | [`aws/README.md`](aws/README.md) |\n| Azure | [`azure/README.md`](azure/README.md) |\n\n\u003e **Want to see it in action first?** The [Australian Bank Demo](shared/examples/aus_bank_demo/) provisions a complete environment and walks through the full flow in ~20 minutes — ANZ-specific masking, PCI compliance, AML row filters, and dev-to-prod promotion.\n\n## Repository Layout\n\n```\ngenierails/\n├── aws/            Cloud wrapper for AWS deployments\n├── azure/          Cloud wrapper for Azure deployments\n└── shared/         All shared code (Terraform modules, scripts, tests, docs)\n```\n\n`aws/` and `azure/` are the entry points — always run `make` commands from one of these directories. `shared/` holds all Terraform modules, Python scripts, and docs, and is invoked automatically through the cloud wrapper.\n\n## Documentation\n\n**Getting Started:**\n- [Prerequisites](shared/docs/prerequisites.md) — OS, Python, Terraform, network, Databricks account, cloud credentials\n- [From UI to Production](shared/docs/from-ui-to-production.md) — import your existing Genie Space, add governance, promote to prod\n- [Quickstart](shared/docs/quickstart.md) — create a Genie Space from scratch\n- [Playbook](shared/docs/playbook.md) — after first deployment: add spaces, promote, overlays, advanced scenarios\n\n**Reference:**\n- [Version Control \u0026 Standalone Terraform](shared/docs/version-control.md) — what to commit, version pinning, running Terraform directly\n- [Architecture](shared/docs/architecture.md) — layers, artifact ownership, config files, Genie Space lifecycle\n- [Country \u0026 Region Overlays](shared/docs/country-overlays.md) — region-specific PII governance (ANZ, India, Southeast Asia)\n- [Industry Overlays](shared/docs/industry-overlays.md) — industry-specific masking and access patterns (Financial Services, Healthcare, Retail)\n- [Central Governance, Self-Service Genie](shared/docs/self-service-genie.md) — central ABAC team + BU teams self-serve Genie spaces\n- [Advanced Usage](shared/docs/advanced.md) — IDP-synced groups, ABAC-only mode, masking UDF reuse, legacy migration\n- [CI/CD Integration](shared/docs/cicd.md) — validate and deploy from a pipeline\n- [Troubleshooting](shared/docs/troubleshooting.md) — imports, provider quirks, brownfield workflows\n- [Integration Testing](shared/docs/integration-testing.md) — unit tests, integration scenarios, test data\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatabricks-solutions%2Fgenierails","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatabricks-solutions%2Fgenierails","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatabricks-solutions%2Fgenierails/lists"}