Permission Policies and Supported Actions for LakeFormation Resources
Supported Actions for LakeFormation SQL Resources
Table 1 lists the supported actions for LakeFormation SQL resources.
LakeFormation Permission Policies (Spark)
|
Type |
SQL Statement |
Permission to Authenticate Access to Metadata Using IAM |
Permission to Authenticate Access to SQL Resources |
|---|---|---|---|
|
DDL statement |
ALTER DATABASE |
database:describe database:alter |
database:DESCRIBE database:ALTER |
|
ALTER TABLE |
database:describe table:describe table:alter database:create |
database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT or table:SELECT |
|
|
ALTER VIEW |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER |
|
|
CREATE DATABASE |
database:describe database:create |
database:DESCRIBE catalog:CREATE_DATABASE |
|
|
CREATE OR REPLACE FUNCTION (CREATE) |
database:describe function:create |
database:DESCRIBE database:CREATE_FUNC |
|
|
CREATE OR REPLACE FUNCTION (REPLACE) |
database:describe function:describe function:alter |
database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER |
|
|
CREATE TABLE |
database:describe table:describe table:create |
database:DESCRIBE database:CREATE_TABLE |
|
|
CREATE VIEW |
database:describe table:describe table:drop table:create |
database:CREATE_TABLE table:DESCRIBE (source\target) table:DROP(target) column:SELECT |
|
|
DROP DATABASE |
database:describe database:drop |
database:DESCRIBE database:DROP |
|
|
DROP FUNCTION |
database:describe function:describe function:drop |
database:DESCRIBE function:DESCRIBE function:DROP |
|
|
DROP TABLE |
database:describe table:describe credential:describe table:drop |
database:DESCRIBE table:DESCRIBE table:DROP |
|
|
DROP VIEW |
database:describe table:describe table:drop |
database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target) |
|
|
REPAIR TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT |
|
|
TRUNCATE TABLE |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE |
|
|
DML statement |
INSERT TABLE |
database:describe table:describe table:alter credential:describe |
database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT or table:SELECT |
|
LOAD DATA |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT |
|
|
DR statement |
SELECT |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE column:SELECT |
|
EXPLAIN |
Depends on the SQL statement. |
Depends on the SQL statement. |
|
|
Auxiliary statement |
ANALYZE TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER |
|
DESCRIBE DATABASE |
database:describe |
database:DESCRIBE |
|
|
DESCRIBE FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
DESCRIBE QUERY |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
DESCRIBE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
REFRESH TABLE |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
REFRESH FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
SHOW COLUMNS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW CREATE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW DATABASES |
database:describe |
catalog:LIST_DATABASE database:DESCRIBE |
|
|
SHOW FUNCTIONS |
database:describe function:describe |
database:DESCRIBE |
|
|
SHOW PARTITIONS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW TABLE EXTENDED |
database:describe table:describe |
catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE |
|
|
SHOW TABLES |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
|
|
SHOW TBLPROPERTIES |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW VIEWS |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
LakeFormation Permission Policies (HetuEngine)
|
Type |
Syntax |
LakeFormation Permission Required for SQL Authentication |
LakeFormation Permission Required for Metadata API Calling |
|---|---|---|---|
|
Schema |
create schema |
catalog:CREATE_DATABASE |
catalog:CREATE_DATABASE catalog:DESCRIBE |
|
show schemas |
catalog:LIST_DATABASE |
catalog:LIST_DATABASE |
|
|
drop schema |
database:DROP |
catalog:LIST_DATABASE database:DESCRIBE database:DROP |
|
|
alter schema set location/owner |
database:ALTER |
catalog:LIST_DATABASE database:DESCRIBE database:ALTER |
|
|
desc schema |
database:LIST_DATABASE |
database:LIST_DATABASE database:DESCRIBE |
|
|
Table |
create table |
database:CREATE_TABLE |
database:DESCRIBE database:CREATE_TABLE |
|
create table as select |
database:CREATE_TABLE Source table: SELECT (or column:SELECT) |
database:DESCRIBE database:CREATE_TABLE table:DESCRIBE (source table) table:select (source table) |
|
|
show create table |
table:DESCRIBE |
table:DESCRIBE table:select |
|
|
select from table |
table:SELECT (or column:SELECT) |
table:DESCRIBE table:SELECT (or column:SELECT) |
|
|
insert into table |
table:INSERT table:SELECT (or column:SELECT) |
table:DESCRIBE table:ALTER |
|
|
alter table |
table:ALTER |
table:DESCRIBE table:ALTER |
|
|
show tables |
database:LIST_TABLE |
catalog:LIST_DATABASE database:LIST_TABLE |
|
|
drop table |
table:DROP |
table:DESCRIBE table:DROP |
|
|
truncate table |
table:DELETE |
table:DESCRIBE |
|
|
desc table |
table:DESCRIBE |
catalog:LIST_DATABASE table:DESCRIBE |
|
|
comment |
table:ALTER |
table:DESCRIBE table:ALTER |
|
|
view |
create view |
database:CREATE_TABLE Source table: SELECT (or column:SELECT) |
database:CREATE_TABLE table:DESCRIBE (source table) table:select (source table) |
|
drop view |
table:DROP |
table:DESCRIBE table:DROP |
|
|
alter view |
table:ALTER |
table:DESCRIBE table:ALTER (table:SELECT) |
|
|
select from view |
table:DESCRIBE (source table and view) table:select (source table and view) |
table:DESCRIBE (source table and view) table:select (source table and view) |
|
|
show views |
database:LIST_TABLE |
catalog:LIST_DATABASE database:LIST_TABLE table:DESCRIBE |
|
|
show create view |
table:DESCRIBE |
table:DESCRIBE |
|
|
column |
show columns |
table:SELECT (or column:SELECT) |
catalog:LIST_DATABASE table:DESCRIBE table:SELECT (or column:SELECT) |
|
select [column] from table |
table:SELECT (or column:SELECT) |
table:DESCRIBE table:SELECT (or column:SELECT) |
|
|
stats |
show stats |
table:SELECT (or column:SELECT) |
table:DESCRIBE table:SELECT (or column:SELECT) |
|
analyze |
table:INSERT table:SELECT (or column:SELECT) |
table:DESCRIBE table:ALTER |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
