Permission Policies and Supported Actions for LakeFormation Resources
Supported Actions for LakeFormation SQL Resources
Table 1 lists the supported actions for LakeFormation SQL resources.
LakeFormation Permission Policies
|
Type |
SQL Statement |
Permission to Authenticate Access to Metadata Using IAM |
Permission to Authenticate Access to SQL Resources |
|---|---|---|---|
|
DDL statement |
ALTER DATABASE |
database:describe database:alter |
database:DESCRIBE database:ALTER |
|
ALTER TABLE |
database:describe table:describe table:alter database:create |
database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT or table:SELECT |
|
|
ALTER VIEW |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER |
|
|
CREATE DATABASE |
database:describe database:create |
database:DESCRIBE catalog:CREATE_DATABASE |
|
|
CREATE OR REPLACE FUNCTION (CREATE) |
database:describe function:create |
database:DESCRIBE database:CREATE_FUNC |
|
|
CREATE OR REPLACE FUNCTION (REPLACE) |
database:describe function:describe function:alter |
database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER |
|
|
CREATE TABLE |
database:describe table:describe table:create |
database:DESCRIBE database:CREATE_TABLE |
|
|
CREATE VIEW |
database:describe table:describe table:drop table:create |
database:CREATE_TABLE table:DESCRIBE (source\target) table:DROP(target) column:SELECT |
|
|
DROP DATABASE |
database:describe database:drop |
database:DESCRIBE database:DROP |
|
|
DROP FUNCTION |
database:describe function:describe function:drop |
database:DESCRIBE function:DESCRIBE function:DROP |
|
|
DROP TABLE |
database:describe table:describe credential:describe table:drop |
database:DESCRIBE table:DESCRIBE table:DROP |
|
|
DROP VIEW |
database:describe table:describe table:drop |
database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target) |
|
|
REPAIR TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT |
|
|
TRUNCATE TABLE |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE |
|
|
DML statement |
INSERT TABLE |
database:describe table:describe table:alter credential:describe |
database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT or table:SELECT |
|
LOAD DATA |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT |
|
|
DR statement |
SELECT |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE column:SELECT |
|
EXPLAIN |
Depends on the SQL statement. |
Depends on the SQL statement. |
|
|
Auxiliary statement |
ANALYZE TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER |
|
DESCRIBE DATABASE |
database:describe |
database:DESCRIBE |
|
|
DESCRIBE FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
DESCRIBE QUERY |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
DESCRIBE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
REFRESH TABLE |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
REFRESH FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
SHOW COLUMNS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW CREATE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW DATABASES |
database:describe |
catalog:LIST_DATABASE database:DESCRIBE |
|
|
SHOW FUNCTIONS |
database:describe function:describe |
database:DESCRIBE |
|
|
SHOW PARTITIONS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW TABLE EXTENDED |
database:describe table:describe |
catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE |
|
|
SHOW TABLES |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
|
|
SHOW TBLPROPERTIES |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW VIEWS |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
