Performing Role-based Authorization
If a role has some permissions on resources (such as databases), users or user groups with this role also have the corresponding resource operation permissions.
If the service interconnected with the LakeFormation instance requires role authorization, the agency for interconnecting with LakeFormation must contain the permissions of the role.
For example, if the query permission of a role is required after LakeFormation is interconnected with an MRS cluster, select lakeformation:role:describe when creating a LakeFormation agency.
Creating a Role and Binding a User with It
- Log in to the LakeFormation console.
- In the upper left corner, click and choose Analytics > LakeFormation to access the LakeFormation console.
- Select the target LakeFormation instance from the drop-down list box on the left and choose Data Permission > Role.
- Click Create, set Role Name and Description, and click OK.
- On the Roles page, click Add in the Operation column, select the target role and user, and click OK.
- You can also choose Data Permissions > Users in the navigation pane, locate the row that contains the user to be bound with the role, click Add in the Operation column, select the target role, and click OK.
- After the role is authorized, the users bound with the role have its permissions.
Granting Permissions to the Created Role
Grant permissions to the created role. For details, see Granting permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot