Hi. To restrict access to underlying data at an Amazon S3 site, utilize Lake Formation. On the Data Catalog tables pointing to that location, you may provide data access rights (SELECT, INSERT, and DELETE). To restrict the locations for which a principal may create or modify metadata tables, you can also provide a principal with data location rights.
The actions listed below must be taken in order for you to succeed:
- Register your table data's storage location on Amazon S3 with Lake Formation. To do this, you may make use of the Lake Formation console, the API, or the AWS CLI. Additionally, you must define an IAM role with read/write access to that location.
- Using the Lake Formation interface, the API, or the AWS CLI, grant your user role the SELECT permission on the VIEW_NON_SENSITIVE table. Your user role will now be allowed to query the view but not the underlying table as a result.
- Don't give your user role any permissions to view or locate data on the TABLE_SENSITIVE database. As a result, your user role won't be allowed to see or query the table.
The AWS documentation has further information and examples on how to issue permissions using Lake Formation.
- https://docs.aws.amazon.com/lake-formation/latest/dg/access-control-underlying-data.html
- https://repost.aws/knowledge-center/athena-insufficient-lake-formation-permissions
I hope my answer was helpful. 🙂
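Added example, not part of the answer above and not AWS code: a Python check over permission entries shaped like the Lake Formation `ListPermissions` response, confirming the role holds SELECT on the view and nothing on the sensitive table. The role ARN, database name and entries are constructed, and counting `IAM_ALLOWED_PRINCIPALS` grants as reaching the role is an assumption of this example.

```python
# Entries mirror the shape of a Lake Formation ListPermissions response
# (PrincipalResourcePermissions). Every value below is a constructed sample.
ROLE = "arn:aws:iam::111122223333:role/analyst"   # hypothetical user role
DB = "example_db"                                  # hypothetical database
IAM_ALLOWED = "IAM_ALLOWED_PRINCIPALS"  # group used for IAM-only access control

SAMPLE = [
    {"Principal": {"DataLakePrincipalIdentifier": ROLE},
     "Resource": {"Table": {"DatabaseName": DB, "Name": "view_non_sensitive"}},
     "Permissions": ["SELECT"]},
    {"Principal": {"DataLakePrincipalIdentifier": IAM_ALLOWED},
     "Resource": {"Table": {"DatabaseName": DB, "Name": "table_sensitive"}},
     "Permissions": ["ALL"]},
]

def table_permissions(entries, principal, database, table):
    """Return the permissions `principal` holds on database.table."""
    granted = set()
    for entry in entries:
        who = entry["Principal"]["DataLakePrincipalIdentifier"]
        # Assumption: grants to IAM_ALLOWED_PRINCIPALS also reach the role.
        if who not in (principal, IAM_ALLOWED):
            continue
        res = entry["Resource"]
        target = res.get("Table") or res.get("TableWithColumns")
        if not target or target["DatabaseName"].lower() != database.lower():
            continue
        # A table resource names one table or carries TableWildcard (all tables).
        name = target.get("Name", "")
        if name.lower() == table.lower() or "TableWildcard" in target:
            granted.update(entry["Permissions"])
    return granted

def audit(entries, principal, database, view, sensitive_table):
    """List deviations from 'SELECT on the view, nothing on the table'."""
    findings = []
    if not {"SELECT", "ALL"} & table_permissions(entries, principal, database, view):
        findings.append(f"{principal} has no SELECT on {view}")
    leaked = table_permissions(entries, principal, database, sensitive_table)
    if leaked:
        findings.append(f"{sensitive_table} reachable with {sorted(leaked)}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, ROLE, DB, "VIEW_NON_SENSITIVE", "TABLE_SENSITIVE"):
        print(line)
```

In practice the entries would come from the `PrincipalResourcePermissions` list returned by `aws lakeformation list-permissions`.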
No, this doesn't work. As the underlying table access is not provided, the select query on the view fails with the error below. Any suggestions on this?
Insufficient permissions to execute the query. line 1:15: Failed analyzing stored view 'VIEW_NON_SENSITIVE ': Insufficient Lake Formation permission(s) on TABLE_SENSITIVE This query ran against the "hnb_dl01_dev_cmds_curated" database, unless qualified by the query. Please post the error message on our forum or contact customer support with Query Id: xxxxxx-xxxxxx-xxxxx-xxxx-2xxxxx69