LakeFormation资源权限支持列表与策略项
LakeFormation权限策略(Spark)
类型 | SQL语句 | 元数据IAM鉴权权限 | SQL资源鉴权权限 |
|---|---|---|---|
DDL语句 | ALTER DATABASE | database:describe database:alter | database:DESCRIBE database:ALTER |
ALTER TABLE | database:describe table:describe table:alter database:create | database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT或table:SELECT | |
ALTER VIEW | database:describe table:describe table:alter | database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER | |
CREATE DATABASE | database:describe database:create | database:DESCRIBE catalog:CREATE_DATABASE | |
CREATE OR REPLACE FUNCTION (CREATE) | database:describe function:create | database:DESCRIBE database:CREATE_FUNC | |
CREATE OR REPLACE FUNCTION (REPLACE) | database:describe function:describe function:alter | database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER | |
CREATE TABLE | database:describe table:describe table:create | database:DESCRIBE database:CREATE_TABLE | |
CREATE VIEW | database:describe table:describe table:drop table:create | database:CREATE_TABLE table:DESCRIBE(source\target) table:DROP(target) column:SELECT | |
DROP DATABASE | database:describe database:drop | database:DESCRIBE database:DROP | |
DROP FUNCTION | database:describe function:describe function:drop | database:DESCRIBE function:DESCRIBE function:DROP | |
DROP TABLE | database:describe table:describe credential:describe table:drop | database:DESCRIBE table:DESCRIBE table:DROP | |
DROP VIEW | database:describe table:describe table:drop | database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target) | |
REPAIR TABLE | database:describe table:describe credential:describe table:alter | database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT | |
TRUNCATE TABLE | database:describe table:describe table:alter | database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE | |
DML语句 | INSERT TABLE | database:describe table:describe table:alter credential:describe | database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT或table:SELECT |
LOAD DATA | database:describe table:describe credential:describe | database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT | |
DR语句 | SELECT | database:describe table:describe credential:describe | database:DESCRIBE table:DESCRIBE column:SELECT |
EXPLAIN | 取决于执行sql | 取决于执行sql | |
Auxiliary 语句 | ANALYZE TABLE | database:describe table:describe credential:describe table:alter | database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER |
DESCRIBE DATABASE | database:describe | database:DESCRIBE | |
DESCRIBE FUNCTION | database:describe function:describe | database:DESCRIBE function:DESCRIBE | |
DESCRIBE QUERY | database:describe table:describe | database:DESCRIBE table:DESCRIBE table:SELECT | |
DESCRIBE TABLE | database:describe table:describe | database:DESCRIBE table:DESCRIBE | |
REFRESH TABLE | database:describe table:describe credential:describe | database:DESCRIBE table:DESCRIBE table:SELECT | |
REFRESH FUNCTION | database:describe function:describe | database:DESCRIBE function:DESCRIBE | |
SHOW COLUMNS | database:describe table:describe | database:DESCRIBE table:DESCRIBE | |
SHOW CREATE TABLE | database:describe table:describe | database:DESCRIBE table:DESCRIBE | |
SHOW DATABASES | database:describe | catalog:LIST_DATABASE database:DESCRIBE | |
SHOW FUNCTIONS | database:describe function:describe | database:DESCRIBE | |
SHOW PARTITIONS | database:describe table:describe | database:DESCRIBE table:DESCRIBE | |
SHOW TABLE EXTENDED | database:describe table:describe | catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE | |
SHOW TABLES | database:describe table:describe | catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE | |
SHOW TBLPROPERTIES | database:describe table:describe | database:DESCRIBE table:DESCRIBE | |
SHOW VIEWS | database:describe table:describe | catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
