Permission Policies and Supported Actions for LakeFormation Resources

Supported Actions for LakeFormation SQL Resources

Table 1 lists the supported actions for LakeFormation SQL resources.

**Table 1** Supported actions for LakeFormation SQL resources
Resource Type	Permission Type
Database	ALL
	ALTER
	DROP
	DESCRIBE
	LIST_TABLE
	LIST_FUNC
	CREATE_TABLE
	CREATE_FUNC
Table/View	ALL
	ALTER
	DROP
	DESCRIBE
	UPDATE
	INSERT
	SELECT
	DELETE
Column	SELECT
Function	ALL
	ALTER
	DROP
	DESCRIBE
	EXEC

LakeFormation Permission Policies (Spark)

**Table 2** LakeFormation permission policies
Type	SQL Statement	Permission to Authenticate Access to Metadata Using IAM	Permission to Authenticate Access to SQL Resources
DDL statement	ALTER DATABASE	database:describe database:alter	database:DESCRIBE database:ALTER
	ALTER TABLE	database:describe table:describe table:alter database:create	database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT or table:SELECT
	ALTER VIEW	database:describe table:describe table:alter	database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER
	CREATE DATABASE	database:describe database:create	database:DESCRIBE catalog:CREATE_DATABASE
	CREATE OR REPLACE FUNCTION (CREATE)	database:describe function:create	database:DESCRIBE database:CREATE_FUNC
	CREATE OR REPLACE FUNCTION (REPLACE)	database:describe function:describe function:alter	database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER
	CREATE TABLE	database:describe table:describe table:create	database:DESCRIBE database:CREATE_TABLE
	CREATE VIEW	database:describe table:describe table:drop table:create	database:CREATE_TABLE table:DESCRIBE (source\target) table:DROP(target) column:SELECT
	DROP DATABASE	database:describe database:drop	database:DESCRIBE database:DROP
	DROP FUNCTION	database:describe function:describe function:drop	database:DESCRIBE function:DESCRIBE function:DROP
	DROP TABLE	database:describe table:describe credential:describe table:drop	database:DESCRIBE table:DESCRIBE table:DROP
	DROP VIEW	database:describe table:describe table:drop	database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target)
	REPAIR TABLE	database:describe table:describe credential:describe table:alter	database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT
	TRUNCATE TABLE	database:describe table:describe table:alter	database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE
DML statement	INSERT TABLE	database:describe table:describe table:alter credential:describe	database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT or table:SELECT
DML statement	LOAD DATA	database:describe table:describe credential:describe	database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT
DR statement	SELECT	database:describe table:describe credential:describe	database:DESCRIBE table:DESCRIBE column:SELECT
DR statement	EXPLAIN	Depends on the SQL statement.	Depends on the SQL statement.
Auxiliary statement	ANALYZE TABLE	database:describe table:describe credential:describe table:alter	database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER
	DESCRIBE DATABASE	database:describe	database:DESCRIBE
	DESCRIBE FUNCTION	database:describe function:describe	database:DESCRIBE function:DESCRIBE
	DESCRIBE QUERY	database:describe table:describe	database:DESCRIBE table:DESCRIBE table:SELECT
	DESCRIBE TABLE	database:describe table:describe	database:DESCRIBE table:DESCRIBE
	REFRESH TABLE	database:describe table:describe credential:describe	database:DESCRIBE table:DESCRIBE table:SELECT
	REFRESH FUNCTION	database:describe function:describe	database:DESCRIBE function:DESCRIBE
	SHOW COLUMNS	database:describe table:describe	database:DESCRIBE table:DESCRIBE
	SHOW CREATE TABLE	database:describe table:describe	database:DESCRIBE table:DESCRIBE
	SHOW DATABASES	database:describe	catalog:LIST_DATABASE database:DESCRIBE
	SHOW FUNCTIONS	database:describe function:describe	database:DESCRIBE
	SHOW PARTITIONS	database:describe table:describe	database:DESCRIBE table:DESCRIBE
	SHOW TABLE EXTENDED	database:describe table:describe	catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE
	SHOW TABLES	database:describe table:describe	catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE
	SHOW TBLPROPERTIES	database:describe table:describe	database:DESCRIBE table:DESCRIBE
	SHOW VIEWS	database:describe table:describe	catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE

LakeFormation Permission Policies (HetuEngine)

**Table 3** Reference for configuration LakeFormation permissions using HetuEngine syntax
Type	Syntax	LakeFormation Permission Required for SQL Authentication	LakeFormation Permission Required for Metadata API Calling
Schema	create schema	catalog:CREATE_DATABASE	catalog:CREATE_DATABASE catalog:DESCRIBE
	show schemas	catalog:LIST_DATABASE	catalog:LIST_DATABASE
	drop schema	database:DROP	catalog:LIST_DATABASE database:DESCRIBE database:DROP
	alter schema set location/owner	database:ALTER	catalog:LIST_DATABASE database:DESCRIBE database:ALTER
	desc schema	database:LIST_DATABASE	database:LIST_DATABASE database:DESCRIBE
Table	create table	database:CREATE_TABLE	database:DESCRIBE database:CREATE_TABLE
	create table as select	database:CREATE_TABLE Source table: SELECT (or column:SELECT)	database:DESCRIBE database:CREATE_TABLE table:DESCRIBE (source table) table:select (source table)
	show create table	table:DESCRIBE	table:DESCRIBE table:select
	select from table	table:SELECT (or column:SELECT)	table:DESCRIBE table:SELECT (or column:SELECT)
	insert into table	table:INSERT table:SELECT (or column:SELECT)	table:DESCRIBE table:ALTER
	alter table	table:ALTER	table:DESCRIBE table:ALTER
	show tables	database:LIST_TABLE	catalog:LIST_DATABASE database:LIST_TABLE
	drop table	table:DROP	table:DESCRIBE table:DROP
	truncate table	table:DELETE	table:DESCRIBE
	desc table	table:DESCRIBE	catalog:LIST_DATABASE table:DESCRIBE
	comment	table:ALTER	table:DESCRIBE table:ALTER
view	create view	database:CREATE_TABLE Source table: SELECT (or column:SELECT)	database:CREATE_TABLE table:DESCRIBE (source table) table:select (source table)
	drop view	table:DROP	table:DESCRIBE table:DROP
	alter view	table:ALTER	table:DESCRIBE table:ALTER (table:SELECT)
	select from view	table:DESCRIBE (source table and view) table:select (source table and view)	table:DESCRIBE (source table and view) table:select (source table and view)
	show views	database:LIST_TABLE	catalog:LIST_DATABASE database:LIST_TABLE table:DESCRIBE
	show create view	table:DESCRIBE	table:DESCRIBE
column	show columns	table:SELECT (or column:SELECT)	catalog:LIST_DATABASE table:DESCRIBE table:SELECT (or column:SELECT)
column	select [column] from table	table:SELECT (or column:SELECT)	table:DESCRIBE table:SELECT (or column:SELECT)
stats	show stats	table:SELECT (or column:SELECT)	table:DESCRIBE table:SELECT (or column:SELECT)
stats	analyze	table:INSERT table:SELECT (or column:SELECT)	table:DESCRIBE table:ALTER

Parent topic: Creating and Using LakeFormation Metadata

Previous topic: Connecting DLI to LakeFormation

Next topic: Data Import and Migration

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.