By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Lake Formation Grant Permission on View Occurs an Error.

0

Hi, I granted permission to an IAM user on both view and table. With the permission granted user, I could access the table but not the view.

Here's my Lake Formation configuration. Enter image description here

Here's the error when I try to access view.

Insufficient permissions to execute the query. line 1:15: Failed analyzing stored view 'awsdatacatalog.permission-test-db-03.s3_summary_view': Insufficient Lake Formation permission(s) on hyperbilling_data_clientname

The view is created based on the table and it seems like the view can't access the table itself. Please advise how I can solve this issue.

Topics
AnalyticsSecurity, Identity, & Compliance
Tags
Amazon AthenaAWS Identity and Access ManagementAWS Lake FormationIAM Policies
Language
English
Sojeong
asked a year ago479 views
2 Answers
0
Accepted Answer

Hi, From the message captured, it seems that there is a lack of permissions in the query underlying your view. Your view is likely referencing several tables. A view runs as the owner of the view, and is a way for a user with more permissions to grant limited access to a user with less permissions. This means that the query inside of the view is analyzed using the permissions of the user that owns the view. If the view does not have an owner, then we verify that the user accessing the view has permissions to the data.

Anyway, the owner of the view will need SELECT with GRANT of all tables in the view. Could you please check this point and let us know if it solves your issue ? https://docs.aws.amazon.com/lake-formation/latest/dg/tut-grant-select.html

profile pictureAWS
AWS-User-4441565
answered a year ago
0

Hi, Thank you so much for the answer! I could solve the issue by granting additional permission to another table which are referenced from the view.

I do have one more simple question just out of curiosity.

  1. Why can't I select any Grantable permissions ** for table permission and select all tables** for resource type when I grant permission to IAMAllowedPrincipals? Is this because IAMAllowedPrincipals doesn't really act as a group, but instead it's more like configuration to allow IAM control?
Sojeong
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content