Lake Formation Column-based access on a resource link

0

First, what I see in the very last screenshot image of the Granting resource link permissions page is that the 'column based permissions' option is disabled ... Different presentation

..., but in our account, for a resource link I have a different presentation with different options, no super. No super persmission

  1. Not blocker : I wonder if the difference between the two images is only a recent change in the interface.
  2. Blocker: Why it isn't possible to grant column-bassed permissions on a resource link?

Our use case is the following.

  • Producer account : Sharing 'tableA' with an external account (Consumer) with Alter, Describe, Insert & Select permissions with all columns. Done with both cross account versions
  • Consumer account:
    • Create resource link tableA_producer from the Producer.tableA shared table.
    • Trying to grant access to some users to tableA_producer, but to only some columns ... But what I see now is that it is not possible, why ? We don't want to do multiple resource sharings from Prod for the same resource.

Bonus question : What are the differences between the 'cross account version settings' version 1 and 2 ? Enter image description here

已提問 2 年前檢視次數 627 次
1 個回答
0

The resource link to a shared database or for a table allows for that database or table to appear in the Amazon Athena and Amazon Redshift Spectrum query editors. That is different from providing Table access. You can still provide access an individual table (with optional column filtering) as the next step.

profile pictureAWS
已回答 2 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南