Querying LakeFormation Authorization
This section describes how to query an authorized permission.
Procedure
- Log in to the LakeFormation console.
- Select the target LakeFormation instance from the drop-down list box on the left and choose Data Permissions > Data Authorization.
You can select the target permission information using OBS Authorization Path, Authorization Entity, Entity Type, and Entity Source above the list as filters.
OBS Authorization Path is available to only the permission policies whose authorization objects are OBS paths.
- View the data authorization information in the displayed list.
The following table lists the information items:
Table 1 Authorization information Item
Description
Policy Type
The values include:
- DEFAULT: default permission policy.
- ROW_FILTER: row filtering permission policy, including row filtering criteria.
Authorization Entity
Name of the authorized entity.
Entity Type
Type of the authorized entity.
- GROUP: user group.
- ROLE: role
- USER: user
Entity Source
Source of the authorized entity.
- IAM: IAM (user or user group)
- LOCAL: LakeFormation
- AGENTTENANT: IAM agency
Authorization Object
Name or path of the authorized resource.
If the authorization type is set to Resources, the format is Catalog.[Database].[Table].
Resource Type
The values include:
- CATALOG: catalog
- DATABASE: database
- TABLE: table
- COLUMN: column
- FUNC: function
- URI: path
Permission
Name of the authorized permission. For details about the permission description, see Table 2.
Authorized Permission
Authorized permission.
Reference
For details about how to authorize resources or paths, see Configuring LakeFormation Metadata Permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
