LakeFormation资源权限支持列表与策略项
Lakeformation权限策略
|
类型 |
SQL语句 |
元数据IAM鉴权权限 |
SQL资源鉴权权限 |
|---|---|---|---|
|
DDL语句 |
ALTER DATABASE |
database:describe database:alter |
database:DESCRIBE database:ALTER |
|
ALTER TABLE |
database:describe table:describe table:alter database:create |
database:DESCRIBE table:DESCRIBE table:ALTER database:CREATE_TABLE column:SELECT或table:SELECT |
|
|
ALTER VIEW |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE column:SELECT table:ALTER |
|
|
CREATE DATABASE |
database:describe database:create |
database:DESCRIBE catalog:CREATE_DATABASE |
|
|
CREATE OR REPLACE FUNCTION (CREATE) |
database:describe function:create |
database:DESCRIBE database:CREATE_FUNC |
|
|
CREATE OR REPLACE FUNCTION (REPLACE) |
database:describe function:describe function:alter |
database:CREATE_FUNC database:DESCRIBE function:DESCRIBE function:ALTER |
|
|
CREATE TABLE |
database:describe table:describe table:create |
database:DESCRIBE database:CREATE_TABLE |
|
|
CREATE VIEW |
database:describe table:describe table:drop table:create |
database:CREATE_TABLE table:DESCRIBE(source\targer) table:DROP(target) column:SELECT |
|
|
DROP DATABASE |
database:describe database:drop |
database:DESCRIBE database:DROP |
|
|
DROP FUNCTION |
database:describe function:describe function:drop |
database:DESCRIBE function:DESCRIBE function:DROP |
|
|
DROP TABLE |
database:describe table:describe credential:describe table:drop |
database:DESCRIBE table:DESCRIBE table:DROP |
|
|
DROP VIEW |
database:describe table:describe table:drop |
database:DESCRIBE table:DESCRIBE(target\source) table:DROP(target) |
|
|
REPAIR TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:ALTER table:SELECT |
|
|
TRUNCATE TABLE |
database:describe table:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:UPDATE |
|
|
DML语句 |
INSERT TABLE |
database:describe table:describe table:alter credential:describe |
database:DESCRIBE table:DESCRIBE table:ALTER table:INSERT column:SELECT或table:SELECT |
|
LOAD DATA |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:UPDATE table:ALTER table:SELECT |
|
|
DR语句 |
SELECT |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE column:SELECT |
|
EXPLAIN |
取决于执行sql |
取决于执行sql |
|
|
Auxiliary 语句 |
ANALYZE TABLE |
database:describe table:describe credential:describe table:alter |
database:DESCRIBE table:DESCRIBE table:SELECT table:ALTER |
|
DESCRIBE DATABASE |
database:describe |
database:DESCRIBE |
|
|
DESCRIBE FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
DESCRIBE QUERY |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
DESCRIBE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
REFRESH TABLE |
database:describe table:describe credential:describe |
database:DESCRIBE table:DESCRIBE table:SELECT |
|
|
REFRESH FUNCTION |
database:describe function:describe |
database:DESCRIBE function:DESCRIBE |
|
|
SHOW COLUMNS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW CREATE TABLE |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW DATABASES |
database:describe |
catalog:LIST_DATABASE database:DESCRIBE |
|
|
SHOW FUNCTIONS |
database:describe function:describe |
database:DESCRIBE |
|
|
SHOW PARTITIONS |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW TABLE EXTENDED |
database:describe table:describe |
catalog:LIST_DATABASE database:DESCRIBE table:DESCRIBE database:LIST_TABLE |
|
|
SHOW TABLES |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
|
|
SHOW TBLPROPERTIES |
database:describe table:describe |
database:DESCRIBE table:DESCRIBE |
|
|
SHOW VIEWS |
database:describe table:describe |
catalog:LIST_DATABASE database:LIST_TABLE database:DESCRIBE |
