LakeFormation资源权限支持列表与策略项
Lakeformation权限策略(Spark)
|
类型 |
SQL语句 |
元数据IAM鉴权权限 |
SQL资源鉴权权限 |
|---|---|---|---|
|
DDL语句 |
ALTER DATABASE |
database:describe database:alter |
database:DESCRIBE database:ALTER |
|
ALTER TABLE |
database:describe table:describe table:alter database:create |
database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT或table:SELECT |
|
|
ALTER VIEW |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER |
|
|
CREATE DATABASE |
database:describe database:create |
database:DESCRIBE catalog:CREATE_DATABASE |
|
|
CREATE OR REPLACE FUNCTION (CREATE) |
database:describe function:create |
database:DESCRIBE database:CREATE_FUNC |
|
|
CREATE OR REPLACE FUNCTION (REPLACE) |
database:describe function:describe function:alter |
database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER |
|
|
CREATE TABLE |
database:describe table:describe table:create |
database:DESCRIBE database:CREATE_TABLE |
|
|
CREATE VIEW |
database:describe table:describe table:drop table:create |
database:CREATE_TABLE table:DESCRIBE(source\target) table:DROP(target) column:SELECT |
|
|
DROP DATABASE |
database:describe database:drop |
database:DESCRIBE database:DROP |
|
|
DROP FUNCTION |
database:describe function:describe function:drop |
database:DESCRIBE function:DESCRIBE function:DROP |
|
|
DROP TABLE |
database:describe table:describe credential:describe table:drop |
database:DESCRIBE table:DESCRIBE table:DROP |
|
|
DROP VIEW |
database:describe table:describe table:drop |
database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target) |
|
|
REPAIR TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT |
|
|
TRUNCATE TABLE |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE |
|
|
DML语句 |
INSERT TABLE |
database:describe table:describe table:alter credential:describe |
database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT或table:SELECT |
|
LOAD DATA |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT |
|
|
DR语句 |
SELECT |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE column:SELECT |
|
EXPLAIN |
取决于执行sql |
取决于执行sql |
|
|
Auxiliary 语句 |
ANALYZE TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER |
|
DESCRIBE DATABASE |
database:describe |
database:DESCRIBE |
|
|
DESCRIBE FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
DESCRIBE QUERY |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
DESCRIBE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
REFRESH TABLE |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
REFRESH FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
SHOW COLUMNS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW CREATE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW DATABASES |
database:describe |
catalog:LIST_DATABASE database:DESCRIBE |
|
|
SHOW FUNCTIONS |
database:describe function:describe |
database:DESCRIBE |
|
|
SHOW PARTITIONS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW TABLE EXTENDED |
database:describe table:describe |
catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE |
|
|
SHOW TABLES |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
|
|
SHOW TBLPROPERTIES |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW VIEWS |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
Lakeformation权限策略(HetuEngine)
|
类型 |
语法 |
SQL鉴权所需 LakeFormation权限 |
调用元数据接口所需 LakeFormation权限 |
|---|---|---|---|
|
schema |
create schema |
catalog:CREATE_DATABASE |
catalog:CREATE_DATABASE catalog:DESCRIBE |
|
show schemas |
catalog:LIST_DATABASE |
catalog:LIST_DATABASE |
|
|
drop schema |
database:DROP |
catalog:LIST_DATABASE database:DESCRIBE database:DROP |
|
|
alter schema set location/owner |
database:ALTER |
catalog:LIST_DATABASE database:DESCRIBE database:ALTER |
|
|
desc schema |
database:LIST_DATABASE |
database:LIST_DATABASE database:DESCRIBE |
|
|
table |
create table |
database:CREATE_TABLE |
database:DESCRIBE database:CREATE_TABLE |
|
create table as select |
database:CREATE_TABLE 源表:SELECT(或列:SELECT) |
database:DESCRIBE database:CREATE_TABLE table:DESCRIBE(源表) table:select(源表) |
|
|
show create table |
table:DESCRIBE |
table:DESCRIBE table:select |
|
|
select from table |
table:SELECT(或column:SELECT) |
table:DESCRIBE table:SELECT(或column:SELECT) |
|
|
insert into table |
table:INSERT table:SELECT(或column:SELECT) |
table:DESCRIBE table:ALTER |
|
|
alter table |
table:ALTER |
table:DESCRIBE table:ALTER |
|
|
show tables |
database:LIST_TABLE |
catalog:LIST_DATABASE database:LIST_TABLE |
|
|
drop table |
table:DROP |
table:DESCRIBE table:DROP |
|
|
truncate table |
table:DELETE |
table:DESCRIBE |
|
|
desc table |
table:DESCRIBE |
catalog:LIST_DATABASE table:DESCRIBE |
|
|
comment |
table:ALTER |
table:DESCRIBE table:ALTER |
|
|
view |
create view |
database:CREATE_TABLE 源表:SELECT(或列:SELECT) |
database:CREATE_TABLE table:DESCRIBE(源表) table:select(源表) |
|
drop view |
table:DROP |
table:DESCRIBE table:DROP |
|
|
alter view |
table:ALTER |
table:DESCRIBE table:ALTER (table:SELECT) |
|
|
select from view |
table:DESCRIBE(源表和视图) table:select(源表和视图) |
table:DESCRIBE(源表和视图) table:select(源表和视图) |
|
|
show views |
database:LIST_TABLE |
catalog:LIST_DATABASE database:LIST_TABLE table:DESCRIBE |
|
|
show create view |
table:DESCRIBE |
table:DESCRIBE |
|
|
column |
show columns |
table:SELECT(或column:SELECT) |
catalog:LIST_DATABASE table:DESCRIBE table:SELECT(或column:SELECT) |
|
select [column] from table |
table:SELECT(或column:SELECT) |
table:DESCRIBE table:SELECT(或column:SELECT) |
|
|
stats |
show stats |
table:SELECT(或column:SELECT) |
table:DESCRIBE table:SELECT(或column:SELECT) |
|
analyze |
table:INSERT table:SELECT(或column:SELECT) |
table:DESCRIBE table:ALTER |
