Provide Lake Formation access to view while denying access to underlying Table

0

I have a table that has sensitive information: TABLE_SENSITIVE. I created a view on top of the table that masks the sensitive columns: VIEW_NON_SENSITIVE. I want my user role to get access to VIEW_NON_SENSITIVE, but I don't want the user role to be able to see or query TABLE_SENSITIVE.

Could this be achieved in Lake Formation?

Asked 7 months ago, 310 views
1 Answer
1

Hi, to restrict access to underlying data at an Amazon S3 site, utilize Lake Formation. On the Data Catalog tables pointing to that location, you may provide data access rights (SELECT, INSERT, and DELETE). To restrict the locations for which a principal may create or modify metadata tables, you can also provide a principal data location rights.

The actions listed below must be taken in order for you to succeed:

  • Register your table data's storage location on Amazon S3 with Lake Formation. To do this, you may make use of the Lake Formation console, the API, or the AWS CLI. Additionally, you must define an IAM role with read/write access to that location.
  • Using the Lake Formation interface, the API, or the AWS CLI, grant your user role the SELECT permission on the VIEW_NON_SENSITIVE table. Your user role will now be allowed to query the view but not the underlying table as a result.
  • Don't give your user role any permissions to view or locate data on the TABLE_SENSITIVE database. As a result, your user role won't be allowed to see or query the table.

The AWS documentation has further information and examples on how to issue permissions using Lake Formation.

https://docs.aws.amazon.com/lake-formation/latest/dg/access-control-underlying-data.html
https://repost.aws/knowledge-center/athena-insufficient-lake-formation-permissions

I hope my answer was helpful. 🙂

Answered 7 months ago
  • No, this doesn't work. As the underlying table access is not provided, the select query on the view fails with the error below. Any suggestions on this?

    Insufficient permissions to execute the query. line 1:15: Failed analyzing stored view 'VIEW_NON_SENSITIVE ': Insufficient Lake Formation permission(s) on TABLE_SENSITIVE This query ran against the "hnb_dl01_dev_cmds_curated" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: xxxxxx-xxxxxx-xxxxx-xxxx-2xxxxx69
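
An added example, not part of the original answer or comment and not AWS code: a Python check over Lake Formation grant entries (the `PrincipalResourcePermissions` shape that `ListPermissions` returns) that reports whether a role has SELECT on the view, whether it holds any grant on the underlying table, and whether `IAM_ALLOWED_PRINCIPALS` still holds a grant on that table, in which case access to it is governed by IAM policies alone. It audits grant state only; the role ARN, account ID, database name and the `audit`/`grant` helper names are constructed for illustration.

```python
# Added example: audit Lake Formation grants for a view and its base table.
# Entries follow the PrincipalResourcePermissions shape from ListPermissions.
IAM_ALLOWED = "IAM_ALLOWED_PRINCIPALS"  # group that defers to IAM-only access control

def _covers(resource, database, name):
    """True if a Table/TableWithColumns resource applies to database.name."""
    for key in ("Table", "TableWithColumns"):
        tbl = resource.get(key)
        if tbl and tbl.get("DatabaseName") == database:
            if "TableWildcard" in tbl or tbl.get("Name") == name:
                return True
    return False

def audit(entries, role_arn, database, view, table):
    """Report grant state; LF-tag (LFTagPolicy) grants are not resolved here."""
    findings = {"view_select": False, "table_grants": [], "iam_bypass": False}
    for e in entries:
        principal = e["Principal"]["DataLakePrincipalIdentifier"]
        perms = set(e.get("Permissions", [])) | set(e.get("PermissionsWithGrantOption", []))
        res = e["Resource"]
        if principal == role_arn:
            if _covers(res, database, view) and perms & {"SELECT", "ALL"}:
                findings["view_select"] = True
            if _covers(res, database, table) and perms:
                findings["table_grants"].append(sorted(perms))
        elif principal == IAM_ALLOWED and _covers(res, database, table) and perms:
            findings["iam_bypass"] = True
    return findings

# Constructed sample data (placeholder account ID, role and database names).
ROLE = "arn:aws:iam::111122223333:role/analyst"
DB = "example_db"

def grant(principal, table_resource, perms):
    return {"Principal": {"DataLakePrincipalIdentifier": principal},
            "Resource": {"Table": table_resource}, "Permissions": perms}

SAMPLE = [
    grant(ROLE, {"DatabaseName": DB, "Name": "VIEW_NON_SENSITIVE"}, ["SELECT"]),
    grant(IAM_ALLOWED, {"DatabaseName": DB, "Name": "TABLE_SENSITIVE"}, ["ALL"]),
]
# A database-wide wildcard grant silently covers the sensitive table too.
SAMPLE_WILDCARD = SAMPLE[:1] + [
    grant(ROLE, {"DatabaseName": DB, "TableWildcard": {}}, ["SELECT", "DESCRIBE"]),
]

if __name__ == "__main__":
    print(audit(SAMPLE, ROLE, DB, "VIEW_NON_SENSITIVE", "TABLE_SENSITIVE"))
    print(audit(SAMPLE_WILDCARD, ROLE, DB, "VIEW_NON_SENSITIVE", "TABLE_SENSITIVE"))
```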
