Granting Permissions in Batches
Function
This API is used to grant permissions in batches.
URI
POST /v1/{project_id}/instances/{instance_id}/policies/grant
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. For how to obtain the project ID, see Obtaining a Project ID. |
instance_id | Yes | String | LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | Array of strings | Tenant token. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
principal_list | Yes | Array of Principal objects | Entity information. |
resource | Yes | ResourceInfo object | Resource information. |
effect | Yes | Boolean | Deny/Allow. |
permissions | Yes | Array of strings | Permission list: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, CREATE_MODEL, CREATE_DATASET, LIST_DATASET, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH and ALTER VIEW MODIFY QUERY. Enumeration values: |
grant_able_permissions | No | Array of strings | Transferable permissions: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, CREATE_MODEL, CREATE_DATASET, LIST_DATASET, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH and ALTER VIEW MODIFY QUERY. Enumeration values: |
conditions | No | String | Condition. |
data_filter | No | String | Row filtering. |
data_mask | No | String | Column mask. |
data_mask_type | No | String | Data masking type. REDACT: Revision masking. HASH: Hash encryption. PARTIAL_MASK: Partial masking. NULLIFY: Replaces the original value with NULL. UNMASKED: Displays the original value. DATA_ONLY_SHOW_YEAR: Displays only the year part of the date string. CUSTOM: Custom masking rules. Enumeration values: |
parameters | No | Map<String,String> | Parameter. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
principal_type | Yes | String | Entity type. USER: user; GROUP: group; ROLE: role; SHARE: share; OTHER: others. Enumeration values: |
principal_source | Yes | String | Entity source. IAM: cloud user; SAML: SAML-based federation; LDAP: ID user; LOCAL: local user; AGENTTENANT: agency; OTHER: others. Enumeration values: |
principal_name | Yes | String | Entity name. The value can contain 1 to 49 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed. The value of principal_name can contain hyphens (-), but hyphens (-) are not supported during permission grant. In this case, you can bind the principal_name to a role for permission grant. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
catalogs | No | Array of CatalogInfo objects | Catalog information. |
uris | No | Array of strings | URI. |
type | Yes | String | Resource type. The value can be CATALOG, DATABASE, TABLE, COLUMN, FUNC, MODEL, DATASET or URI. Enumeration values: |

Parameter | Mandatory | Type | Description |
---|---|---|---|
databases | No | Array of DatabaseInfo objects | Subdatabase information. |
name | Yes | String | Catalog name. |
models | No | Array of ModelInfo objects | Submodel information. |
datasets | No | Array of DatasetInfo objects | Subdataset information. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed. |
tables | No | Array of TableInfo objects | Subtables. |
functions | No | Array of FunctionInfo objects | Subfunctions. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
columns | No | ColumnInfo object | Sub-columns. |
name | Yes | String | Table name. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
column_name | Yes | Array of strings | Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed. |
filter | Yes | String | Whether to filter out an item. The options are Include and Exclude. Enumeration values: |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
policies | Array of LakeFormationPolicy objects | LakeCat policies. |
page_info | PagedInfo object | Pagination information. |

Parameter | Type | Description |
---|---|---|
project_id | String | Project ID. |
instance_id | String | Instance ID. |
principal_type | String | Entity type. The options are USER (user), GROUP (group), ROLE (role), SHARE (shared), and OTHER (others). Enumeration values: |
principal_source | String | Entity source. The options are IAM (cloud user), SAML (SAML-based federation), LDAP (permission policy), LOCAL (local user), AGENT (agency), AGENTTENANT (agency), and OTHER (others). Enumeration values: |
principal_name | String | Entity name. |
resource | ResourceInfo object | Resource information. |
resource_name | String | Require to perform splitting in dotted format. |
permissions | Array of strings | Permission list: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, CREATE_MODEL, CREATE_DATASET, LIST_DATASET, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH and ALTER VIEW MODIFY QUERY. Enumeration values: |
grant_able_permissions | Array of strings | Transferable permissions: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, CREATE_MODEL, CREATE_DATASET, LIST_DATASET, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH and ALTER VIEW MODIFY QUERY. Enumeration values: |
created_time | Long | Creation time. |
condition | String | Conditions. |
obligation | String | Obligation, including data filter and data mask. |
authorization_paths | Array of strings | Authorization path list. |
parameters | Map<String,String> | Parameter. |
access_policy_type | String | Permission policy type. The options are DEFAULT (common policy), ROW_FILTER (row filtering), and DATA_MASK (column masking). Enumeration values: |
obs_access_label | String | OBS access label, which describes the LakeFormation permission. |

Parameter | Type | Description |
---|---|---|
catalogs | Array of CatalogInfo objects | Catalog information. |
uris | Array of strings | URI. |
type | String | Resource type. The value can be CATALOG, DATABASE, TABLE, COLUMN, FUNC, MODEL, DATASET or URI. Enumeration values: |

Parameter | Type | Description |
---|---|---|
databases | Array of DatabaseInfo objects | Subdatabase information. |
name | String | Catalog name. |
models | Array of ModelInfo objects | Submodel information. |
datasets | Array of DatasetInfo objects | Subdataset information. |

Parameter | Type | Description |
---|---|---|
name | String | Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed. |
tables | Array of TableInfo objects | Subtables. |
functions | Array of FunctionInfo objects | Subfunctions. |

Parameter | Type | Description |
---|---|---|
columns | ColumnInfo object | Sub-columns. |
name | String | Table name. |

Parameter | Type | Description |
---|---|---|
column_name | Array of strings | Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed. |
filter | String | Whether to filter out an item. The options are Include and Exclude. Enumeration values: |

Parameter | Type | Description |
---|---|---|
name | String | Model name. Enter 1 to 256 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |

Parameter | Type | Description |
---|---|---|
name | String | Dataset name. The value is a string of 1 to 256 characters and can contain only digits, letters, and underscores (_). |

Parameter | Type | Description |
---|---|---|
current_count | Integer | Number of objects returned this time. The value ranges from 0 to 2000. |
next_marker | String | Query address of the next page. If the next page does not exist, the value is null. (If the value is null, the response body does not contain this parameter.) |
previous_marker | String | Query address of the previous page. If the previous page does not exist, the value is null. (If the value is null, the response body does not contain this parameter.) |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
solution_msg | String | Solution. |
Status code: 404
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
solution_msg | String | Solution. |
Status code: 500
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
solution_msg | String | Solution. |
Example Requests
POST https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/grant

```json
{
  "principal_list": [
    {
      "principal_type": "USER",
      "principal_source": "IAM",
      "principal_name": "user1"
    }
  ],
  "resource": {
    "catalogs": [
      {
        "databases": [
          {
            "name": "db1",
            "tables": [
              {
                "columns": {
                  "column_name": [],
                  "filter": "string"
                },
                "name": "tb1"
              }
            ],
            "functions": [
              {
                "name": "string"
              }
            ]
          }
        ],
        "name": "catalog1"
      }
    ],
    "uris": ["string"],
    "type": "CATALOG"
  },
  "effect": true,
  "permissions": ["ALTER,DROP"],
  "grant_able_permissions": ["ALTER,DROP"],
  "conditions": "ip=127.0.0.1",
  "data_filter": "c1 < 0",
  "data_mask": "show last 4",
  "data_mask_type": "PARTIAL_MASK"
}
```
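A pre-flight review of a grant request body, as an added example rather than code from the LakeFormation documentation: it applies the enumerations and the principal_name rules from the request tables above before the body is sent. The names `review_grant` and `SAMPLE`, the sample body, and the rule that `grant_able_permissions` should be a subset of `permissions` are assumptions made for this example.

```python
import re

# Permission names copied from the permissions / grant_able_permissions rows on this page.
PERMISSIONS = {p.strip() for p in """
ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE,
CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, CREATE_MODEL, CREATE_DATASET, LIST_DATASET, INSERT,
UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE,
CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES,
SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE,
ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN,
ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY,
ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT,
ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS,
ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH,
ALTER VIEW MODIFY QUERY""".split(",")}
ENUMS = {"principal_type": {"USER", "GROUP", "ROLE", "SHARE", "OTHER"},
         "principal_source": {"IAM", "SAML", "LDAP", "LOCAL", "AGENTTENANT", "OTHER"}}
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,49}")  # principal_name rule from the request table


def review_grant(body):
    """Return findings for one grant request body; an empty list means nothing was flagged."""
    findings = []
    for p in body.get("principal_list", []):
        name = p.get("principal_name", "")
        if not NAME_RE.fullmatch(name):
            findings.append(f"principal_name {name!r}: must be 1-49 letters, digits, _ - .")
        elif "-" in name:  # allowed in the name, but the page says grants do not support it
            findings.append(f"principal_name {name!r}: hyphen; bind it to a role and grant to the role")
        for key, allowed in ENUMS.items():
            if p.get(key) not in allowed:
                findings.append(f"{key} {p.get(key)!r}: not an enumerated value")
    if not isinstance(body.get("effect"), bool):
        findings.append("effect: must be a JSON boolean")
    perms = body.get("permissions", [])
    grantable = body.get("grant_able_permissions", [])
    for field, values in (("permissions", perms), ("grant_able_permissions", grantable)):
        findings += [f"{field} {v!r}: not an enumerated permission" for v in values if v not in PERMISSIONS]
    # Local review policy (an assumption, not an API rule): transferable must be a subset of granted.
    extra = sorted(set(grantable) - set(perms))
    if extra:
        findings.append(f"grant_able_permissions {extra}: transferable but not in permissions")
    return findings


# Constructed sample body for illustration; it is not taken from the page.
SAMPLE = {"principal_list": [{"principal_type": "USER", "principal_source": "IAM", "principal_name": "etl-user"}],
          "effect": "true", "permissions": ["DESCRIBE", "SELCT"],
          "grant_able_permissions": ["DESCRIBE", "DROP"]}
```

Running `review_grant(SAMPLE)` flags the hyphenated principal name, the string-typed `effect`, the misspelled permission, and the transferable `DROP` that the request does not grant.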
Example Responses
Status code: 200
OK
```json
{
  "policies": [
    {
      "project_id": "41aa75443xxxxxx2c6afaaa40cc046",
      "instance_id": "51c51596-2e97-47bf-xxxx-0fc728c04ced",
      "principal_type": "USER",
      "principal_source": "IAM",
      "principal_name": "user1",
      "resource": {
        "catalogs": [
          {
            "databases": [
              {
                "name": "db1",
                "tables": [{}],
                "functions": [{}]
              }
            ],
            "name": "catalog1"
          }
        ],
        "uris": ["string"],
        "type": "CATALOG"
      },
      "resource_name": "string",
      "permissions": ["DROP", "ALTER"],
      "grant_able_permissions": ["ALTER"],
      "created_time": 0,
      "condition": "ip=127.0.0.1",
      "obligation": "DATAFILTER:c1<10;DATAMASK:INCLUDE:c1",
      "authorization_paths": ["obs://location/uri/"]
    }
  ],
  "page_info": {
    "current_count": 2000,
    "next_marker": "006f492b-xxxx",
    "previous_marker": "003e6eba-xxxx"
  }
}
```
Status code: 400
Bad Request
{ "error_code" : "common.01000001", "error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException" }
Status code: 401
Unauthorized
{ "error_code" : "APIG.1002", "error_msg" : "Incorrect token or token resolution failed" }
Status code: 403
Forbidden
{ "error" : { "code" : "403", "message" : "X-Auth-Token is invalid in the request", "error_code" : null, "error_msg" : null, "title" : "Forbidden" }, "error_code" : "403", "error_msg" : "X-Auth-Token is invalid in the request", "title" : "Forbidden" }
Status code: 404
Not Found
{ "error_code" : "common.01000001", "error_msg" : "response status exception, code: 404" }
Status code: 408
Request Timeout
{ "error_code" : "common.00000408", "error_msg" : "timeout exception occurred" }
Status code: 500
Internal Server Error
{ "error_code" : "common.00000500", "error_msg" : "internal error" }
Status Codes
Status Code | Description |
---|---|
200 | OK |
201 | Created |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
408 | Request Timeout |
500 | Internal Server Error |
Error Codes
See Error Codes.