Help Center/ DataArts Lake Formation/ API Reference/ API/ LakeCat/ Authorization Management/ Granting Permissions in Batches

Updated on 2024-02-21 GMT+08:00

View PDF

Granting Permissions in Batches

Function

This API is used to grant permissions in batches.

URI

POST /v1/{project_id}/instances/{instance_id}/policies/grant

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For how to obtain the project ID, see Obtaining a Project ID (lakeformation_04_0026.xml).
instance_id	Yes	String	LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	Array of strings	Tenant token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
principal_list	Yes	Array of Principal objects	Entity information.
resource	Yes	ResourceInfo object	Resource information.
effect	Yes	Boolean	Deny/Allow.
permissions	Yes	Array of strings	Permissions: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values: ALL CREATE ALTER DROP DESCRIBE EXEC CREATE_DATABASE LIST_DATABASE CREATE_TABLE LIST_TABLE CREATE_FUNC LIST_FUNC REGISTER_MODEL LIST_MODEL INSERT UPDATE DELETE SELECT READ WRITE OPERATE INTROSPECTION SOURCES DICT GET TRUNCATE OPTIMIZE CREATE TEMPORARY TABLE CREATE DICTIONARY CREATE VIEW SHOW DATABASES SHOW TABLES SHOW DICTIONARIES SHOW COLUMNS DROP DATABASE DROP VIEW DROP DICTIONARY DROP TABLE ALTER TABLE ALTER UPDATE ALTER DELETE ALTER COLUMN ALTER ADD COLUMN ALTER DROP COLUMN ALTER MODIFY COLUMN ALTER COMMENT COLUMN ALTER CLEAR COLUMN ALTER RENAME COLUMN ALTER INDEX ALTER ORDER BY ALTER ADD INDEX ALTER DROP INDEX ALTER MATERIALIZE INDEX ALTER CLEAR INDEX ALTER CONSTRAINT ALTER ADD CONSTRAINT ALTER DROP CONSTRAINT ALTER TTL ALTER MATERIALIZE TTL ALTER SETTINGS ALTER MOVE PARTITION ALTER FETCH PARTITION ALTER FREEZE PARTITION ALTER VIEW ALTER VIEW REFRESH ALTER VIEW MODIFY QUERY
grant_able_permissions	No	Array of strings	Permissions that can be transferred: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values: ALL CREATE ALTER DROP DESCRIBE EXEC CREATE_DATABASE LIST_DATABASE CREATE_TABLE LIST_TABLE CREATE_FUNC LIST_FUNC REGISTER_MODEL LIST_MODEL INSERT UPDATE DELETE SELECT READ WRITE OPERATE INTROSPECTION SOURCES DICT GET TRUNCATE OPTIMIZE CREATE TEMPORARY TABLE CREATE DICTIONARY CREATE VIEW SHOW DATABASES SHOW TABLES SHOW DICTIONARIES SHOW COLUMNS DROP DATABASE DROP VIEW DROP DICTIONARY DROP TABLE ALTER TABLE ALTER UPDATE ALTER DELETE ALTER COLUMN ALTER ADD COLUMN ALTER DROP COLUMN ALTER MODIFY COLUMN ALTER COMMENT COLUMN ALTER CLEAR COLUMN ALTER RENAME COLUMN ALTER INDEX ALTER ORDER BY ALTER ADD INDEX ALTER DROP INDEX ALTER MATERIALIZE INDEX ALTER CLEAR INDEX ALTER CONSTRAINT ALTER ADD CONSTRAINT ALTER DROP CONSTRAINT ALTER TTL ALTER MATERIALIZE TTL ALTER SETTINGS ALTER MOVE PARTITION ALTER FETCH PARTITION ALTER FREEZE PARTITION ALTER VIEW ALTER VIEW REFRESH ALTER VIEW MODIFY QUERY
conditions	No	String	Condition.
data_filter	No	String	Row filtering.
data_mask	No	String	Column mask.
parameters	No	Map<String,String>	Parameter.

**Table 4** Principal
Parameter	Mandatory	Type	Description
principal_type	Yes	String	Entity type. USER: user GROUP: group ROLE: role SHARE: share OTHER: others Enumeration values: USER GROUP ROLE SHARE OTHER
principal_source	Yes	String	Entity source. IAM: cloud user SAML: SAML-based federation LDAP: ID user LOCAL: local user AGENTTENANT: agency OTHER: others Enumeration values: IAM SAML LDAP LOCAL AGENTTENANT OTHER
principal_name	Yes	String	Entity name. The value can contain 1 to 49 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.

**Table 5** ResourceInfo
Parameter	Mandatory	Type	Description
catalogs	No	Array of CatalogInfo objects	Catalog information.
uris	No	Array of strings	URI.
type	Yes	String	Resource type. The options are CATALOG, DATABASE, TABLE, COLUMN, FUNC, MODEL, and URI. Enumeration values: CATALOG DATABASE TABLE COLUMN FUNC MODEL URI

**Table 6** CatalogInfo
Parameter	Mandatory	Type	Description
databases	No	Array of DatabaseInfo objects	Subdatabase information.
name	Yes	String	Catalog name.

**Table 7** DatabaseInfo
Parameter	Mandatory	Type	Description
name	Yes	String	Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed.
tables	No	Array of TableInfo objects	Subtables.
functions	No	Array of FunctionInfo objects	Subfunctions.

**Table 8** TableInfo
Parameter	Mandatory	Type	Description
columns	No	ColumnInfo object	Sub-columns.
name	Yes	String	Table name.

**Table 9** ColumnInfo
Parameter	Mandatory	Type	Description
column_name	Yes	Array of strings	Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed.
filter	Yes	String	Whether to filter out an item. The options are Include and Exclude. Enumeration values: Include Exclude

**Table 10** FunctionInfo
Parameter	Mandatory	Type	Description
name	Yes	String	Function name.

Response Parameters

Status code: 200

**Table 11** Response body parameters
Parameter	Type	Description
policies	Array of LakeFormationPolicy objects	LakeCat policies.
page_info	PagedInfo object	Pagination information.

**Table 12** LakeFormationPolicy
Parameter	Type	Description
project_id	String	Project ID.
instance_id	String	Instance ID.
principal_type	String	Entity type. The options are USER (user), GROUP (group), ROLE (role), SHARE (shared), and OTHER (others). Enumeration values: USER GROUP ROLE SHARE OTHER
principal_source	String	Entity source. The options are IAM (cloud user), SAML (SAML-based federation), LDAP (permission policy), LOCAL (local user), AGENT (agency), AGENTTENANT (agency), and OTHER (others). Enumeration values: IAM SAML LDAP LOCAL AGENTTENANT OTHER
principal_name	String	Entity name.
resource	ResourceInfo object	Resource information.
resource_name	String	Require to perform splitting in dotted format.
permissions	Array of strings	Permissions: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values: ALL CREATE ALTER DROP DESCRIBE EXEC CREATE_DATABASE LIST_DATABASE CREATE_TABLE LIST_TABLE CREATE_FUNC LIST_FUNC REGISTER_MODEL LIST_MODEL INSERT UPDATE DELETE SELECT READ WRITE OPERATE INTROSPECTION SOURCES DICT GET TRUNCATE OPTIMIZE CREATE TEMPORARY TABLE CREATE DICTIONARY CREATE VIEW SHOW DATABASES SHOW TABLES SHOW DICTIONARIES SHOW COLUMNS DROP DATABASE DROP VIEW DROP DICTIONARY DROP TABLE ALTER TABLE ALTER UPDATE ALTER DELETE ALTER COLUMN ALTER ADD COLUMN ALTER DROP COLUMN ALTER MODIFY COLUMN ALTER COMMENT COLUMN ALTER CLEAR COLUMN ALTER RENAME COLUMN ALTER INDEX ALTER ORDER BY ALTER ADD INDEX ALTER DROP INDEX ALTER MATERIALIZE INDEX ALTER CLEAR INDEX ALTER CONSTRAINT ALTER ADD CONSTRAINT ALTER DROP CONSTRAINT ALTER TTL ALTER MATERIALIZE TTL ALTER SETTINGS ALTER MOVE PARTITION ALTER FETCH PARTITION ALTER FREEZE PARTITION ALTER VIEW ALTER VIEW REFRESH ALTER VIEW MODIFY QUERY
grant_able_permissions	Array of strings	Permissions that can be transferred: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values: ALL CREATE ALTER DROP DESCRIBE EXEC CREATE_DATABASE LIST_DATABASE CREATE_TABLE LIST_TABLE CREATE_FUNC LIST_FUNC REGISTER_MODEL LIST_MODEL INSERT UPDATE DELETE SELECT READ WRITE OPERATE INTROSPECTION SOURCES DICT GET TRUNCATE OPTIMIZE CREATE TEMPORARY TABLE CREATE DICTIONARY CREATE VIEW SHOW DATABASES SHOW TABLES SHOW DICTIONARIES SHOW COLUMNS DROP DATABASE DROP VIEW DROP DICTIONARY DROP TABLE ALTER TABLE ALTER UPDATE ALTER DELETE ALTER COLUMN ALTER ADD COLUMN ALTER DROP COLUMN ALTER MODIFY COLUMN ALTER COMMENT COLUMN ALTER CLEAR COLUMN ALTER RENAME COLUMN ALTER INDEX ALTER ORDER BY ALTER ADD INDEX ALTER DROP INDEX ALTER MATERIALIZE INDEX ALTER CLEAR INDEX ALTER CONSTRAINT ALTER ADD CONSTRAINT ALTER DROP CONSTRAINT ALTER TTL ALTER MATERIALIZE TTL ALTER SETTINGS ALTER MOVE PARTITION ALTER FETCH PARTITION ALTER FREEZE PARTITION ALTER VIEW ALTER VIEW REFRESH ALTER VIEW MODIFY QUERY
created_time	Long	Creation time.
condition	String	Conditions.
obligation	String	Obligation, including data filter and data mask.
authorization_paths	Array of strings	Authorization path list.
parameters	Map<String,String>	Parameter.
access_policy_type	String	Policy type. The options are DEFAULT (common policy) and ROW_FILTER (row filtering policy). Enumeration values: DEFAULT ROW_FILTER

**Table 13** ResourceInfo
Parameter	Type	Description
catalogs	Array of CatalogInfo objects	Catalog information.
uris	Array of strings	URI.
type	String	Resource type. The options are CATALOG, DATABASE, TABLE, COLUMN, FUNC, MODEL, and URI. Enumeration values: CATALOG DATABASE TABLE COLUMN FUNC MODEL URI

**Table 14** CatalogInfo
Parameter	Type	Description
databases	Array of DatabaseInfo objects	Subdatabase information.
name	String	Catalog name.

**Table 15** DatabaseInfo
Parameter	Type	Description
name	String	Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed.
tables	Array of TableInfo objects	Subtables.
functions	Array of FunctionInfo objects	Subfunctions.

**Table 16** TableInfo
Parameter	Type	Description
columns	ColumnInfo object	Sub-columns.
name	String	Table name.

**Table 17** ColumnInfo
Parameter	Type	Description
column_name	Array of strings	Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed.
filter	String	Whether to filter out an item. The options are Include and Exclude. Enumeration values: Include Exclude

**Table 18** FunctionInfo
Parameter	Type	Description
name	String	Function name.

**Table 19** PagedInfo
Parameter	Type	Description
current_count	Integer	Number of objects returned this time. The value ranges from 0 to 2000.
next_marker	String	Query address of the next page. If the next page does not exist, the value is null. (If the value is null, the response body does not contain this parameter.)
previous_marker	String	Query address of the previous page. If the previous page does not exist, the value is null. (If the value is null, the response body does not contain this parameter.)

Status code: 400

**Table 20** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
solution_msg	String	Solution.

Status code: 404

**Table 21** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
solution_msg	String	Solution.

Status code: 500

**Table 22** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
solution_msg	String	Solution.

Example Requests

POST https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/grant

{
  "principal_list" : [ {
    "principal_type" : "USER",
    "principal_source" : "IAM",
    "principal_name" : "user1"
  } ],
  "resource" : {
    "catalogs" : [ {
      "databases" : [ {
        "name" : "db1",
        "tables" : [ {
          "columns" : {
            "column_name" : [ ],
            "filter" : "string"
          },
          "name" : "tb1"
        } ],
        "functions" : [ {
          "name" : "string"
        } ]
      } ],
      "name" : "catalog1"
    } ],
    "uris" : [ "string" ],
    "type" : "CATALOG"
  },
  "effect" : true,
  "permissions" : "ALTER,DROP",
  "grant_able_permissions" : "ALTER,DROP",
  "conditions" : "ip=127.0.0.1",
  "data_filter" : "c1 < 0",
  "data_mask" : "Include:c1,c2:mask"
}

Example Responses

Status code: 200

{
  "policies" : [ {
    "project_id" : "41aa75443xxxxxx2c6afaaa40cc046",
    "instance_id" : "51c51596-2e97-47bf-xxxx-0fc728c04ced",
    "principal_type" : "USER",
    "principal_source" : "IAM",
    "principal_name" : "user1",
    "resource" : {
      "catalogs" : [ {
        "databases" : [ {
          "name" : "db1",
          "tables" : [ { } ],
          "functions" : [ { } ]
        } ],
        "name" : "catalog1"
      } ],
      "uris" : [ "string" ],
      "type" : "CATALOG"
    },
    "resource_name" : "string",
    "permissions" : [ "DROP", "ALTER" ],
    "grant_able_permissions" : [ "ALTER" ],
    "created_time" : 0,
    "condition" : "ip=127.0.0.1",
    "obligation" : "DATAFILTER:c1<10;DATAMASK:INCLUDE:c1",
    "authorization_paths" : [ "obs://location/uri/" ]
  } ],
  "page_info" : {
    "current_count" : 2000,
    "next_marker" : "006f492b-xxxx",
    "previous_marker" : "003e6eba-xxxx"
  }
}

Status code: 400

Bad Request

{
  "error_code" : "common.01000001",
  "error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException"
}

Status code: 401

Unauthorized

{
  "error_code": 'APIG.1002',
  "error_msg": 'Incorrect token or token resolution failed'
}

Status code: 403

Forbidden

{
  "error" : {
    "code" : "403",
    "message" : "X-Auth-Token is invalid in the request",
    "error_code" : null,
    "error_msg" : null,
    "title" : "Forbidden"
  },
  "error_code" : "403",
  "error_msg" : "X-Auth-Token is invalid in the request",
  "title" : "Forbidden"
}

Status code: 404

Not Found

{
  "error_code" : "common.01000001",
  "error_msg" : "response status exception, code: 404"
}

Status code: 408

Request Timeout

{
  "error_code" : "common.00000408",
  "error_msg" : "timeout exception occurred"
}

Status code: 500

Internal Server Error

{
  "error_code" : "common.00000500",
  "error_msg" : "internal error"
}

Status Codes

Status Code	Description
200	OK
201	Created
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
408	Request Timeout
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Authorization Management

Previous topic: Authorization Management

Next topic: Obtaining Synchronization Permission Policies

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot