Canceling Batch Authorization
Function
Revoke permissions in batches.
URI
POST /v1/{project_id}/instances/{instance_id}/policies/revoke
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. For how to obtain the project ID, see Obtaining a Project ID (lakeformation_04_0026.xml). |
|
instance_id |
Yes |
String |
LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
Array of strings |
Tenant token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
principal_list |
Yes |
Array of Principal objects |
Entity information. |
|
resource |
Yes |
ResourceInfo object |
Resource information. |
|
effect |
Yes |
Boolean |
Deny/Allow. |
|
permissions |
Yes |
Array of strings |
Permissions: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values:
|
|
grant_able_permissions |
No |
Array of strings |
Permissions that can be transferred: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values:
|
|
conditions |
No |
String |
Condition. |
|
data_filter |
No |
String |
Row filtering. |
|
data_mask |
No |
String |
Column mask. |
|
parameters |
No |
Map<String,String> |
Parameter. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
principal_type |
Yes |
String |
Entity type. USER: user GROUP: group ROLE: role SHARE: share OTHER: others Enumeration values:
|
|
principal_source |
Yes |
String |
Entity source. IAM: cloud user SAML: SAML-based federation LDAP: ID user LOCAL: local user AGENTTENANT: agency OTHER: others Enumeration values:
|
|
principal_name |
Yes |
String |
Entity name. The value can contain 1 to 49 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
catalogs |
No |
Array of CatalogInfo objects |
Catalog information. |
|
uris |
No |
Array of strings |
URI. |
|
type |
Yes |
String |
Resource type. The options are CATALOG, DATABASE, TABLE, COLUMN, FUNC, MODEL, and URI. Enumeration values:
|
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
databases |
No |
Array of DatabaseInfo objects |
Subdatabase information. |
|
name |
Yes |
String |
Catalog name. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
name |
Yes |
String |
Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed. |
|
tables |
No |
Array of TableInfo objects |
Subtables. |
|
functions |
No |
Array of FunctionInfo objects |
Subfunctions. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
columns |
No |
ColumnInfo object |
Sub-columns. |
|
name |
Yes |
String |
Table name. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
column_name |
Yes |
Array of strings |
Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed. |
|
filter |
Yes |
String |
Whether to filter out an item. The options are Include and Exclude. Enumeration values:
|
Response Parameters
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Example Requests
POST https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/revoke
{
"principal_list" : [ {
"principal_type" : "USER",
"principal_source" : "IAM",
"principal_name" : "user1"
} ],
"resource" : {
"catalogs" : [ {
"databases" : [ {
"name" : "db1",
"tables" : [ {
"columns" : {
"column_name" : [ ],
"filter" : "string"
},
"name" : "tb1"
} ],
"functions" : [ {
"name" : "string"
} ]
} ],
"name" : "catalog1"
} ],
"uris" : [ "string" ],
"type" : "CATALOG"
},
"effect" : true,
"permissions" : "ALTER,DROP",
"grant_able_permissions" : "ALTER,DROP",
"conditions" : "ip=127.0.0.1",
"data_filter" : "c1 < 0",
"data_mask" : "Include:c1,c2:mask"
}
Example Responses
Status code: 400
Bad Request
{
"error_code" : "common.01000001",
"error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException"
}
Status code: 401
Unauthorized
{
"error_code": 'APIG.1002',
"error_msg": 'Incorrect token or token resolution failed'
}
Status code: 403
Forbidden
{
"error" : {
"code" : "403",
"message" : "X-Auth-Token is invalid in the request",
"error_code" : null,
"error_msg" : null,
"title" : "Forbidden"
},
"error_code" : "403",
"error_msg" : "X-Auth-Token is invalid in the request",
"title" : "Forbidden"
}
Status code: 404
Not Found
{
"error_code" : "common.01000001",
"error_msg" : "response status exception, code: 404"
}
Status code: 408
Request Timeout
{
"error_code" : "common.00000408",
"error_msg" : "timeout exception occurred"
}
Status code: 500
Internal Server Error
{
"error_code" : "common.00000500",
"error_msg" : "internal error"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
OK |
|
201 |
Created |
|
400 |
Bad Request |
|
401 |
Unauthorized |
|
403 |
Forbidden |
|
404 |
Not Found |
|
408 |
Request Timeout |
|
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
