Lake Formation Grant Permission on View Occurs an Error.
Hi, I granted permission to an IAM user on both view and table. With the permission granted user, I could access the table but not the view.
Here's my Lake Formation configuration.
Here's the error when I try to access view.
Insufficient permissions to execute the query. line 1:15: Failed analyzing stored view 'awsdatacatalog.permission-test-db-03.s3_summary_view': Insufficient Lake Formation permission(s) on hyperbilling_data_clientname
The view is created based on the table and it seems like the view can't access the table itself. Please advise how I can solve this issue.
- 최신
- 최다 투표
- 가장 많은 댓글
Hi, From the message captured, it seems that there is a lack of permissions in the query underlying your view. Your view is likely referencing several tables. A view runs as the owner of the view, and is a way for a user with more permissions to grant limited access to a user with less permissions. This means that the query inside of the view is analyzed using the permissions of the user that owns the view. If the view does not have an owner, then we verify that the user accessing the view has permissions to the data.
Anyway, the owner of the view will need SELECT with GRANT of all tables in the view. Could you please check this point and let us know if it solves your issue ? https://docs.aws.amazon.com/lake-formation/latest/dg/tut-grant-select.html
Hi, Thank you so much for the answer! I could solve the issue by granting additional permission to another table which are referenced from the view.
I do have one more simple question just out of curiosity.
- Why can't I select any Grantable permissions ** for table permission and select all tables** for resource type when I grant permission to IAMAllowedPrincipals? Is this because IAMAllowedPrincipals doesn't really act as a group, but instead it's more like configuration to allow IAM control?
관련 콘텐츠
AWS 공식업데이트됨 일 년 전
