Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Listing data filter permissions
You can use the Lake Formation console to view the permissions granted on data filters.
To view permissions on a data filter, you must be a Data Lake administrator or have the
required permissions on the data filter.
- Console
-
Sign in to the Amazon Web Services Management Console and open the Lake Formation console at
https://console.amazonaws.cn/lakeformation/.
-
In the navigation pane, under Permissions, choose
Data permissions.
-
On the Data Permissions page, click or tap in the search
field, and on the Properties menu, choose Resource
type.
-
On the Resource type menu, choose Resource type:
Data cell filter.
The data filters that you have permissions on are listed. You might have to
scroll horizontally to see the Permissions and
Grantable columns.
- Amazon CLI
-
-
Enter a list-permissions
command. Specify
DataCellsFilter
for the resource
argument, and specify
DESCRIBE
or DROP
for the Permissions
argument and, optionally, for the PermissionsWithGrantOption
argument.
The following example lists DESCRIBE
permissions with the grant
option on the data filter restrict-pharma
. The results are limited to
permissions granted for the principal datalake_user1
and the
orders
table in the sales
database in Amazon account
1111-2222-3333.
aws lakeformation list-permissions --cli-input-json file://list-params.json
The following are the contents of file
grant-params.json
.
{
"Principal": {"DataLakePrincipalIdentifier": "arn:aws:iam::111122223333:user/datalake_user1"},
"Resource": {
"DataCellsFilter": {
"TableCatalogId": "111122223333",
"DatabaseName": "sales",
"TableName": "orders",
"Name": "restrict-pharma"
}
},
"Permissions": ["DESCRIBE"],
"PermissionsWithGrantOption": ["DESCRIBE"]
}