Data Permissions
Permissions Policies
On the Instances page of the LakeFormation console, you can grant fine-grained data access permissions to user groups for all data resources such as catalogs, databases, and tables in an instance.
After the preceding authorization operations, one or more permission policies are generated.
A permission policy contains the authorization entity, authorization object, permissions, and authorization permissions. You can cancel a permission policy.
Authorization Entities
You can specify any user, user group, or role to be the authorization entity.
For Entity Type, you can select GROUP, ROLE, or USER.
- USER: Huawei Cloud IAM user
- GROUP: Huawei Cloud IAM user group
- ROLE: LakeFormation role
Authorization Objects
Authorization objects are metadata objects managed in LakeFormation, including data resources such as catalogs, databases, and tables. For instance, you can grant permissions on the columns of a data table in a database. The values of Resource Type include CATALOG, DATABASE, TABLE, COLUMN, and FUNC.
- CATALOG: A data catalog stores multiple databases.
- DATABASE: A database contains multiple data tables or functions.
- TABLE: A data table contains multiple columns.
- COLUMN: Columns in a LakeFormation table.
- FUNC: Functions managed by LakeFormation.
Permissions
You can grant different access and operation permissions on a data resource to an authorization entity, such as ALTER, DROP, and ALL. For details about the permissions that can be granted to each resource, see Table 1.
Authorization Permission
You can select Grant Authorization Permission to enable a user to grant the permissions that he or she has to others.
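The following added example (not Huawei Cloud code and not a LakeFormation API) reviews a list of permission policies for broad or delegable grants, using the entity types, resource types, and permissions named on this page. The record field names (`entity_type`, `entity_name`, `resource_type`, `resource`, `permissions`, `grant_option`) are hypothetical, and the sample policies are constructed.

```python
# Added example: field names are hypothetical, not a LakeFormation API schema.
ENTITY_TYPES = {"USER", "GROUP", "ROLE"}
RESOURCE_TYPES = {"CATALOG", "DATABASE", "TABLE", "COLUMN", "FUNC"}
BROAD_SCOPES = {"CATALOG", "DATABASE"}  # resources that contain other resources


def audit_policy(policy):
    """Return a list of review findings for one permission policy record."""
    findings = []
    if policy["entity_type"] not in ENTITY_TYPES:
        findings.append("unknown entity type")
    if policy["resource_type"] not in RESOURCE_TYPES:
        findings.append("unknown resource type")
    perms = set(policy["permissions"])
    grantable = policy.get("grant_option", False)  # Grant Authorization Permission
    if "ALL" in perms and policy["resource_type"] in BROAD_SCOPES:
        findings.append("ALL granted at catalog/database scope")
    if grantable and "ALL" in perms:
        findings.append("entity can re-grant ALL to others")
    if grantable and policy["entity_type"] == "USER":
        findings.append("grant option held by an individual user")
    return findings


def audit(policies):
    """Map entity name -> findings, keeping only policies that need review."""
    report = {}
    for p in policies:
        found = audit_policy(p)
        if found:
            report.setdefault(p["entity_name"], []).extend(found)
    return report


# Constructed sample policies (not real data).
SAMPLE = [
    {"entity_type": "USER", "entity_name": "alice", "resource_type": "CATALOG",
     "resource": "hive", "permissions": ["ALL"], "grant_option": True},
    {"entity_type": "GROUP", "entity_name": "analysts", "resource_type": "TABLE",
     "resource": "hive.sales.orders", "permissions": ["ALTER"], "grant_option": False},
    {"entity_type": "ROLE", "entity_name": "etl", "resource_type": "DATABASE",
     "resource": "hive.sales", "permissions": ["ALTER", "DROP"], "grant_option": True},
]

if __name__ == "__main__":
    for entity, found in audit(SAMPLE).items():
        print(entity, "->", "; ".join(found))
```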