Esta página ainda não está disponível no idioma selecionado. Estamos trabalhando para adicionar mais opções de idiomas. Agradecemos sua compreensão.

DataArts Lake Formation
DataArts Lake Formation

    All results for "" in this service

    Compute
    Elastic Cloud Server
    Huawei Cloud Flexus
    Bare Metal Server
    Auto Scaling
    Image Management Service
    Dedicated Host
    FunctionGraph
    Cloud Phone Host
    Huawei Cloud EulerOS
    Management & Governance
    Cloud Eye
    Identity and Access Management
    Cloud Trace Service
    Resource Formation Service
    Tag Management Service
    Log Tank Service
    Config
    OneAccess
    Resource Access Manager
    Simple Message Notification
    Application Performance Management
    Application Operations Management
    Organizations
    Optimization Advisor
    IAM Identity Center
    Cloud Operations Center
    Resource Governance Center
    Cloud Ecosystem
    KooGallery
    Partner Center
    Analytics
    MapReduce Service
    Data Lake Insight
    CloudTable Service
    Cloud Search Service
    Data Lake Visualization
    Data Ingestion Service
    GaussDB(DWS)
    DataArts Studio
    Data Lake Factory
    DataArts Lake Formation
    Others
    Product Pricing Details
    System Permissions
    Console Quick Start
    Common FAQs
    Instructions for Associating with a HUAWEI CLOUD Partner
    Message Center
    Blockchain
    Blockchain Service
    Web3 Node Engine Service
    Storage
    Object Storage Service
    Elastic Volume Service
    Cloud Backup and Recovery
    Storage Disaster Recovery Service
    Scalable File Service Turbo
    Scalable File Service
    Volume Backup Service
    Cloud Server Backup Service
    Data Express Service
    Dedicated Distributed Storage Service
    Databases
    Relational Database Service
    Document Database Service
    Data Admin Service
    Data Replication Service
    GeminiDB
    GaussDB
    Distributed Database Middleware
    Database and Application Migration UGO
    TaurusDB
    Dedicated Cloud
    Dedicated Computing Cluster
    AI
    Face Recognition Service
    Graph Engine Service
    Content Moderation
    Image Recognition
    Optical Character Recognition
    ModelArts
    ImageSearch
    Conversational Bot Service
    Speech Interaction Service
    Huawei HiLens
    Video Intelligent Analysis Service
    Content Delivery & Edge Computing
    Content Delivery Network
    Intelligent EdgeFabric
    CloudPond
    Intelligent EdgeCloud
    Developer Services
    ServiceStage
    CodeArts
    CodeArts PerfTest
    CodeArts Req
    CodeArts Pipeline
    CodeArts Build
    CodeArts Deploy
    CodeArts Artifact
    CodeArts TestPlan
    CodeArts Check
    CodeArts Repo
    Cloud Application Engine
    Networking
    Virtual Private Cloud
    Elastic IP
    Elastic Load Balance
    NAT Gateway
    Direct Connect
    Virtual Private Network
    VPC Endpoint
    Cloud Connect
    Enterprise Router
    Enterprise Switch
    Global Accelerator
    Migration
    Server Migration Service
    Object Storage Migration Service
    Cloud Data Migration
    Migration Center
    User Support
    My Account
    Billing Center
    Cost Center
    Resource Center
    Enterprise Management
    Service Tickets
    HUAWEI CLOUD (International) FAQs
    ICP Filing
    Support Plans
    My Credentials
    Customer Operation Capabilities
    Partner Support Plans
    Professional Services
    IoT
    IoT Device Access
    Security & Compliance
    Security Technologies and Applications
    Web Application Firewall
    Host Security Service
    Cloud Firewall
    SecMaster
    Anti-DDoS Service
    Data Encryption Workshop
    Database Security Service
    Cloud Bastion Host
    Data Security Center
    Cloud Certificate Manager
    Edge Security
    Media Services
    Media Processing Center
    Video On Demand
    Live
    SparkRTC
    MetaStudio
    Containers
    Cloud Container Engine
    SoftWare Repository for Container
    Application Service Mesh
    Ubiquitous Cloud Native Service
    Cloud Container Instance
    Middleware
    Distributed Cache Service
    API Gateway
    Distributed Message Service for Kafka
    Distributed Message Service for RabbitMQ
    Distributed Message Service for RocketMQ
    Cloud Service Engine
    Multi-Site High Availability Service
    EventGrid
    Business Applications
    Workspace
    ROMA Connect
    Message & SMS
    Domain Name Service
    Edge Data Center Management
    Meeting
    Developer Tools
    SDK Developer Guide
    API Request Signing Guide
    Terraform
    Koo Command Line Interface
    Solutions
    SAP Cloud
    High Performance Computing
    MacroVerse aPaaS
    KooMessage
    KooPhone
    KooDrive
    Compute
    Elastic Cloud Server
    Huawei Cloud Flexus
    Bare Metal Server
    Auto Scaling
    Image Management Service
    Dedicated Host
    FunctionGraph
    Cloud Phone Host
    Huawei Cloud EulerOS
    Networking
    Virtual Private Cloud
    Elastic IP
    Elastic Load Balance
    NAT Gateway
    Direct Connect
    Virtual Private Network
    VPC Endpoint
    Cloud Connect
    Enterprise Router
    Enterprise Switch
    Global Accelerator
    Management & Governance
    Cloud Eye
    Identity and Access Management
    Cloud Trace Service
    Resource Formation Service
    Tag Management Service
    Log Tank Service
    Config
    OneAccess
    Resource Access Manager
    Simple Message Notification
    Application Performance Management
    Application Operations Management
    Organizations
    Optimization Advisor
    IAM Identity Center
    Cloud Operations Center
    Resource Governance Center
    Migration
    Server Migration Service
    Object Storage Migration Service
    Cloud Data Migration
    Migration Center
    Cloud Ecosystem
    KooGallery
    Partner Center
    User Support
    My Account
    Billing Center
    Cost Center
    Resource Center
    Enterprise Management
    Service Tickets
    HUAWEI CLOUD (International) FAQs
    ICP Filing
    Support Plans
    My Credentials
    Customer Operation Capabilities
    Partner Support Plans
    Professional Services
    Analytics
    MapReduce Service
    Data Lake Insight
    CloudTable Service
    Cloud Search Service
    Data Lake Visualization
    Data Ingestion Service
    GaussDB(DWS)
    DataArts Studio
    Data Lake Factory
    DataArts Lake Formation
    IoT
    IoT Device Access
    Others
    Product Pricing Details
    System Permissions
    Console Quick Start
    Common FAQs
    Instructions for Associating with a HUAWEI CLOUD Partner
    Message Center
    Security & Compliance
    Security Technologies and Applications
    Web Application Firewall
    Host Security Service
    Cloud Firewall
    SecMaster
    Anti-DDoS Service
    Data Encryption Workshop
    Database Security Service
    Cloud Bastion Host
    Data Security Center
    Cloud Certificate Manager
    Edge Security
    Blockchain
    Blockchain Service
    Web3 Node Engine Service
    Media Services
    Media Processing Center
    Video On Demand
    Live
    SparkRTC
    MetaStudio
    Storage
    Object Storage Service
    Elastic Volume Service
    Cloud Backup and Recovery
    Storage Disaster Recovery Service
    Scalable File Service Turbo
    Scalable File Service
    Volume Backup Service
    Cloud Server Backup Service
    Data Express Service
    Dedicated Distributed Storage Service
    Containers
    Cloud Container Engine
    SoftWare Repository for Container
    Application Service Mesh
    Ubiquitous Cloud Native Service
    Cloud Container Instance
    Databases
    Relational Database Service
    Document Database Service
    Data Admin Service
    Data Replication Service
    GeminiDB
    GaussDB
    Distributed Database Middleware
    Database and Application Migration UGO
    TaurusDB
    Middleware
    Distributed Cache Service
    API Gateway
    Distributed Message Service for Kafka
    Distributed Message Service for RabbitMQ
    Distributed Message Service for RocketMQ
    Cloud Service Engine
    Multi-Site High Availability Service
    EventGrid
    Dedicated Cloud
    Dedicated Computing Cluster
    Business Applications
    Workspace
    ROMA Connect
    Message & SMS
    Domain Name Service
    Edge Data Center Management
    Meeting
    AI
    Face Recognition Service
    Graph Engine Service
    Content Moderation
    Image Recognition
    Optical Character Recognition
    ModelArts
    ImageSearch
    Conversational Bot Service
    Speech Interaction Service
    Huawei HiLens
    Video Intelligent Analysis Service
    Developer Tools
    SDK Developer Guide
    API Request Signing Guide
    Terraform
    Koo Command Line Interface
    Content Delivery & Edge Computing
    Content Delivery Network
    Intelligent EdgeFabric
    CloudPond
    Intelligent EdgeCloud
    Solutions
    SAP Cloud
    High Performance Computing
    Developer Services
    ServiceStage
    CodeArts
    CodeArts PerfTest
    CodeArts Req
    CodeArts Pipeline
    CodeArts Build
    CodeArts Deploy
    CodeArts Artifact
    CodeArts TestPlan
    CodeArts Check
    CodeArts Repo
    Cloud Application Engine
    MacroVerse aPaaS
    KooMessage
    KooPhone
    KooDrive

      All results for "" in this service

      On this page

      Show all

      Help Center/ DataArts Lake Formation/ User Guide/ Data Permission Management/ Granting permissions

      Granting permissions

      Updated on 2025-01-10 GMT+08:00
      View PDF
      Share

      You can centrally manage permissions on resources in the data lake and grant permissions to different authorization entities on the LakeFormation console.

      Before authorization, ensure that the entity to be authorized exists. For example, the IAM user group has been created.

      NOTE:

      You can centrally manage permissions on resources in the data lake on the LakeFormation console. IAM users and user groups can also be associated with fine-grained permission policies of LakeFormation for authorization. For details, see Creating a Custom Policy. If there are a large number of data resources in the data lake, you are advised to use the LakeFormation console to centrally manage permissions on resources in the data lake.

      Adding an Authorization Policy

      1. Log in to the LakeFormation console.
      2. In the upper left corner, click and choose Analytics > LakeFormation to access the LakeFormation console.
      3. Select the target LakeFormation instance from the drop-down list box on the left and choose Data Permissions > Data Authorization.
      4. Click Authorize. In the displayed dialog box, set parameters by referring to the following table and click OK.

        NOTE:
        • The name of an authorization entity cannot contain hyphens (-). Otherwise, the operation may fail.
        • A maximum of 256 permission policies can be granted to a single table.
        Table 1 Data authorization parameters

        Parameter

        Description

        Entity Type
        • User Group(s): Select the user group to be authorized, for example, IAM user group. You can create one on the IAM console in advance.
        • Role: Select the role to be authorized. You can create roles in advance by following the instructions provided in Creating a Role and Binding a User with It.
        • IAM User: Select an IAM user that you want to grant permissions to.
        • Agency: Select an agency.

        Granted To
        • Resources: authorizes the resources in LakeFormation instances.
        • Paths: authorizes the paths in the OBS service. This authorization type is used to grant permissions to foreign tables or functions.

        Resource Type

        Select the type of the resource to be authorized. This parameter is displayed when Granted To is set to Resources.

        Select the catalog, database, table, column, and function to be authorized based on site requirements.

        NOTE:

        When granting the SELECT permission to a table, you need to select columns at the same time. For example, set Column to * to select all columns.

        Row Filter Criterion

        Whether to set row filtering criteria for the permission policy. This parameter is displayed when Resource Type is set to Table or Column.

        • The format is as follows: Column name Operator Column value

          The following operators are supported: =, <=, <, >, >=, and like.

          For example, if the row filter criterion is set to "department = financial", the row whose value is financial in the department column is selected.

        • After the row filter criteria are set, the operation type can only be SELECT.

        Column Masking Type

        Select the column masking type. This parameter is available when Resource Type is set to Column.

        • PARTIAL_MASK: Mask some data.
        • REDACT: Modify the data in the original column.
        • HASH: Use the hash algorithm for encryption.
        • NULLIFY: Replace the original value with the NULL value.
        • UNMASKED: Display the original information.
        • DATA_ONLY_SHOW_YEAR: Display only the year part of a date string.
        • CUSTOM: Use user-defined masking rules.
        NOTE:
        • After a column masking rule is set, the operation type can only be SELECT.
        • LakeFormation provides only the functions of managing and obtaining dynamic masking policies. LakeFormation does not handle conflicts involving dynamic masking policies.

        Column Masking Parameters

        An option of the column masking type. You can configure the parameters by referring to Table 2. This parameter is available when Resource Type is set to Column.

        Path

        This parameter is displayed when Granted To is set to Paths.

        Click to select a path in the authorized OBS file system. You can select a maximum of 10 paths.

        Operation Type

        Select the operation type to be authorized. Different authorization types have different operation types. For details, see Table 2.

        Grant Authorization Permission

        Whether to grant the authorization permission.

        After authorization permission is granted, an authorization entity has the permission to authorize an object to other authorization entities.
        Table 2 Column masking parameters

        Column Masking Type

        Column Masking Parameter (example)

        Masking Description

        PARTIAL_MASK

        show last 4

        Display only the last four characters, for example, *******1234.

        show first 4

        Display only the first four characters, for example, 1234*******.

        REDACT

        #

        Use the number sign (#) to modify the data in the original column, for example, ###########.

        *

        Use asterisks (*) to modify the data in the original column, for example, ***********.

        HASH

        hash256

        Use the hash256 algorithm to encrypt data in a column.

        NULLIFY

        None

        Replace the original value with NULL.

        UNMASKED

        None

        Display the original information.

        DATA_ONLY_SHOW_YEAR

        None

        Display only the year part of a date string.

        CUSTOM

        Custom

        Use user-defined masking rules.

      5. Click Cancel Authorization in the Operation column and click OK to cancel the authorization.

        NOTICE:

        Revoked authorizations cannot be recovered.

        To modify the row filter criteria, click More in the Operation column and click Edit Row Filter. This operation is supported only when row filter criteria are configured.

        To modify the column masking configuration, click More in the Operation column and click Edit Column Masking Parameter. This operation is supported only when column masking is configured.

      Adding Permissions for a Specified Resource

      You can add permissions for a specified resource (database or table).

      1. Log in to the LakeFormation console.
      2. In the upper left corner, click and choose Analytics > LakeFormation to access the LakeFormation console.
      3. Select the target LakeFormation instance from the drop-down list box on the left.
      4. Access the page for granting permissions to a specified resource.

        • Catalog: In the navigation pane, choose Metadata > Catalog. In the Operation column of the catalog to be authorized, choose More > Authorize.
        • Database: In the navigation pane on the left, choose Metadata > Database. In the upper right corner, select the name of the catalog to which the target database belongs from the Catalog drop-down list, and choose More > Authorize in the Operation column of the database.
        • Data Table: In the navigation pane, choose Metadata > Table. In the upper right corner, select the catalog to which the target data table belongs and the database name from the Catalog and Database drop-down lists. Click Authorize in the Operation column of the data table.
        • Function: In the navigation pane on the left, choose Metadata > Function. In the upper right corner, select the catalog to which the target function belongs and the name of the database from the Catalog and Database drop-down lists. Click Authorize in the Operation column of the function.

      5. Configure related information by referring to Table 1 and click OK.
      6. Choose Data Permissions > Data Authorization to view the authorization information.

        After the authorization is complete, users in the selected user group or users or user groups with the selected role can perform operations on the current database.

      Usamos cookies para aprimorar nosso site e sua experiência. Ao continuar a navegar em nosso site, você aceita nossa política de cookies. Saiba mais

      Feedback

      Feedback

      Feedback

      0/500

      Selected Content

      Submit selected content with the feedback