LakeFormation Resource Permission Support List and Policy Items
LakeFormation Permission Policies (Spark)
| Type | SQL statement | Metadata IAM authorization permissions | SQL resource authorization permissions |
|---|---|---|---|
| DDL statements | ALTER DATABASE | database:describe database:alter | database:DESCRIBE database:ALTER |
| DDL statements | ALTER TABLE | database:describe table:describe table:alter database:create | database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT or table:SELECT |
| DDL statements | ALTER VIEW | database:describe table:describe table:alter | database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER |
| DDL statements | CREATE DATABASE | database:describe database:create | database:DESCRIBE catalog:CREATE_DATABASE |
| DDL statements | CREATE OR REPLACE FUNCTION (CREATE) | database:describe function:create | database:DESCRIBE database:CREATE_FUNC |
| DDL statements | CREATE OR REPLACE FUNCTION (REPLACE) | database:describe function:describe function:alter | database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER |
| DDL statements | CREATE TABLE | database:describe table:describe table:create | database:DESCRIBE database:CREATE_TABLE |
| DDL statements | CREATE VIEW | database:describe table:describe table:drop table:create | database:CREATE_TABLE table:DESCRIBE(source\target) table:DROP(target) column:SELECT |
| DDL statements | DROP DATABASE | database:describe database:drop | database:DESCRIBE database:DROP |
| DDL statements | DROP FUNCTION | database:describe function:describe function:drop | database:DESCRIBE function:DESCRIBE function:DROP |
| DDL statements | DROP TABLE | database:describe table:describe credential:describe table:drop | database:DESCRIBE table:DESCRIBE table:DROP |
| DDL statements | DROP VIEW | database:describe table:describe table:drop | database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target) |
| DDL statements | REPAIR TABLE | database:describe table:describe credential:describe table:alter | database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT |
| DDL statements | TRUNCATE TABLE | database:describe table:describe table:alter | database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE |
| DML statements | INSERT TABLE | database:describe table:describe table:alter credential:describe | database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT or table:SELECT |
| DML statements | LOAD DATA | database:describe table:describe credential:describe | database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT |
| DR statements | SELECT | database:describe table:describe credential:describe | database:DESCRIBE table:DESCRIBE column:SELECT |
| DR statements | EXPLAIN | Depends on the SQL being executed | Depends on the SQL being executed |
| Auxiliary statements | ANALYZE TABLE | database:describe table:describe credential:describe table:alter | database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER |
| Auxiliary statements | DESCRIBE DATABASE | database:describe | database:DESCRIBE |
| Auxiliary statements | DESCRIBE FUNCTION | database:describe function:describe | database:DESCRIBE function:DESCRIBE |
| Auxiliary statements | DESCRIBE QUERY | database:describe table:describe | database:DESCRIBE table:DESCRIBE table:SELECT |
| Auxiliary statements | DESCRIBE TABLE | database:describe table:describe | database:DESCRIBE table:DESCRIBE |
| Auxiliary statements | REFRESH TABLE | database:describe table:describe credential:describe | database:DESCRIBE table:DESCRIBE table:SELECT |
| Auxiliary statements | REFRESH FUNCTION | database:describe function:describe | database:DESCRIBE function:DESCRIBE |
| Auxiliary statements | SHOW COLUMNS | database:describe table:describe | database:DESCRIBE table:DESCRIBE |
| Auxiliary statements | SHOW CREATE TABLE | database:describe table:describe | database:DESCRIBE table:DESCRIBE |
| Auxiliary statements | SHOW DATABASES | database:describe | catalog:LIST_DATABASE database:DESCRIBE |
| Auxiliary statements | SHOW FUNCTIONS | database:describe function:describe | database:DESCRIBE |
| Auxiliary statements | SHOW PARTITIONS | database:describe table:describe | database:DESCRIBE table:DESCRIBE |
| Auxiliary statements | SHOW TABLE EXTENDED | database:describe table:describe | catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE |
| Auxiliary statements | SHOW TABLES | database:describe table:describe | catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
| Auxiliary statements | SHOW TBLPROPERTIES | database:describe table:describe | database:DESCRIBE table:DESCRIBE |
| Auxiliary statements | SHOW VIEWS | database:describe table:describe | catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |