Lake Formation Column-based access on a resource link


First, what I see in the very last screenshot image of the Granting resource link permissions page is that the 'column based permissions' option is disabled ... Different presentation

..., but in our account, for a resource link I have a different presentation with different options, no super. No super persmission

  1. Not blocker : I wonder if the difference between the two images is only a recent change in the interface.
  2. Blocker: Why it isn't possible to grant column-bassed permissions on a resource link?

Our use case is the following.

  • Producer account : Sharing 'tableA' with an external account (Consumer) with Alter, Describe, Insert & Select permissions with all columns. Done with both cross account versions
  • Consumer account:
    • Create resource link tableA_producer from the Producer.tableA shared table.
    • Trying to grant access to some users to tableA_producer, but to only some columns ... But what I see now is that it is not possible, why ? We don't want to do multiple resource sharings from Prod for the same resource.

Bonus question : What are the differences between the 'cross account version settings' version 1 and 2 ? Enter image description here

1 Answer

The resource link to a shared database or for a table allows for that database or table to appear in the Amazon Athena and Amazon Redshift Spectrum query editors. That is different from providing Table access. You can still provide access an individual table (with optional column filtering) as the next step.

profile pictureAWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions