Hello there,
Thank you for reaching out. This issue seems to be with the Lake Formation permissions. Please refer to the document: https://repost.aws/knowledge-center/glue-insufficient-lakeformation-permissions
If the issue persists after trying these steps, we would recommend that you engage with AWS support to investigate further.
I hope this helps, thank you!
The issue you're experiencing with Lake Formation permissions while updating the CUDOS Dashboard is complex and can be caused by several factors. Let's break down the problem and potential solutions:
- Lake Formation Permissions: Even though you have full admin permissions, Lake Formation uses a separate permission model. The error suggests that there might be an issue with permissions specifically for creating or replacing the view 'cid_tmp_deleteme'.
- Database Location: The error occurs when trying to create a view named 'cid_tmp_deleteme'. It's possible that the CLI is attempting to create this view in a database where you don't have the necessary permissions, despite having access to the 'cid_data_export' database and 'cur2' table.
- Granular Permissions: Lake Formation permissions can be very granular. You might need to ensure you have CREATE, ALTER, and DROP permissions for views in the specific database where 'cid_tmp_deleteme' is being created.
- Role Assumptions: The CLI might be assuming a different role when executing these commands, which could have different permissions than your admin user.
- Resource Links: Lake Formation uses resource links which could affect how permissions are applied across different databases or accounts.
To troubleshoot this issue:
- Verify the exact database where 'cid_tmp_deleteme' is being created. You may need to grant permissions on this specific database in Lake Formation.
- Ensure that the role or user executing the CLI commands has explicit permissions in Lake Formation to create views in the relevant database.
- Check if there are any resource links in Lake Formation that might be affecting permission inheritance.
- Try granting 'Super' permissions in Lake Formation to the executing role/user temporarily to see if it resolves the issue.
- Verify that the Data Catalog settings in Lake Formation are not restricting view creation.
- Check if there are any service-linked roles or resource-based policies that might be interfering with the permission model.
If the issue persists after trying these steps, you may need to engage with AWS support to investigate any potential bugs in the CUDOS framework deployment process or discrepancies between your account's Lake Formation setup and the expected configuration for the CUDOS dashboards.
Sources
AWS::LakeFormation::Permissions - AWS CloudFormation
AWS::LakeFormation::PrincipalPermissions - AWS CloudFormation
AWS::LakeFormation::Permissions DataLakePrincipal - AWS CloudFormation
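The first two troubleshooting checks in the answer above can be run against the output of `aws lakeformation list-permissions`. The following is an added example, not part of either answer or of the CUDOS tooling. It assumes a view is stored as a Data Catalog table, so the grant that matters on the target database is `CREATE_TABLE` (or `ALL`, shown as "Super" in the console); the role ARN, account ID and the database `example_view_db` are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws lakeformation list-permissions` output.
# Account ID, role ARN and the database "example_view_db" are placeholders.
ROLE = "arn:aws:iam::111122223333:role/example-cid-role"
SAMPLE = json.loads("""
{"PrincipalResourcePermissions": [
  {"Principal": {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:role/example-cid-role"},
   "Resource": {"Database": {"Name": "cid_data_export"}}, "Permissions": ["ALL"]},
  {"Principal": {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:role/example-cid-role"},
   "Resource": {"Table": {"DatabaseName": "cid_data_export", "Name": "cur2"}},
   "Permissions": ["SELECT", "DESCRIBE"]},
  {"Principal": {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:role/example-cid-role"},
   "Resource": {"Database": {"Name": "example_view_db"}}, "Permissions": ["DESCRIBE"]}
]}
""")

def granted(response, principal, kind, match):
    """Union of permissions granted to `principal` on resources of `kind`
    accepted by `match`. Grants to IAM_ALLOWED_PRINCIPALS are counted too,
    a simplification: there, IAM policies decide access instead."""
    perms = set()
    for entry in response.get("PrincipalResourcePermissions", []):
        who = entry["Principal"]["DataLakePrincipalIdentifier"]
        res = entry["Resource"].get(kind)
        if who in (principal, "IAM_ALLOWED_PRINCIPALS") and res and match(res):
            perms.update(entry.get("Permissions", []))
    return perms

def view_creation_gaps(response, principal, view_db, src_db, src_table):
    """List the Lake Formation grants still missing to create a view in
    `view_db` that selects from `src_db`.`src_table`."""
    gaps = []
    db = granted(response, principal, "Database", lambda r: r["Name"] == view_db)
    if not db & {"CREATE_TABLE", "ALL"}:
        gaps.append(f"CREATE_TABLE on database {view_db}")
    tbl = granted(response, principal, "Table",
                  lambda r: r["DatabaseName"] == src_db
                  and (r.get("Name") == src_table or "TableWildcard" in r))
    if not tbl & {"SELECT", "ALL"}:
        gaps.append(f"SELECT on table {src_db}.{src_table}")
    return gaps

if __name__ == "__main__":
    for db in ("cid_data_export", "example_view_db"):
        print(db, view_creation_gaps(SAMPLE, ROLE, db, "cid_data_export", "cur2"))
```

Run it with the principal the CLI actually executes as (the identity reported by `aws sts get-caller-identity`), since that may differ from the admin user whose grants were reviewed.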
Hi,
With regard to permissions for Lake Formation, the AWS Glue team & Athena team have looked into it and said everything looks fine and I should be able to run the command, and they don't know why it's not working permission-wise. They raised an internal ticket which also confirmed that I do have the permissions. One reason I posted here is because the CUDOS FAQ suggests asking here in case of issues.