Your Databricks jobs were migrated to Unity Catalog last week. A nightly Silver write is failing because the storage credential has rotated, and you cannot change IAM roles tonight. How do you restore the write within the same window, considering Unity Catalog grants on the storage credential, external location, object ownership on `catalog.schema.table`, and job cluster access mode, while keeping auditability intact?

First, identify the storage credential that the job uses by querying SHOW CREDENTIALS in the catalog. Create a new storage credential with the rotated key using CREATE STORAGE CREDENTIAL my_cred WITH TYPE = S3 WITH PARAMETERS (...). Grant the credential to the external location: GRANT USAGE ON CREDENTIAL my_cred TO EXTERNAL LOCATION my_ext_loc. Ensure the external location is still owned by the catalog and that the job’s cluster has the USAGE privilege on the credential. Next, update the external location to point to the new credential: ALTER EXTERNAL LOCATION my_ext_loc SET CREDENTIAL my_cred. Verify that the table’s ownership is still correct: SHOW GRANTS ON TABLE catalog.schema.table and re‑grant if necessary. For the job cluster, set the cluster mode to “Notebooks” or “Jobs” with the correct cluster policy that includes the storage credential. Finally, run a quick test write to confirm permissions. All changes are logged in the Unity Catalog audit logs, preserving auditability. This restores the nightly write without touching IAM roles.