Step 3: Set up data filters and grant permissions
This tutorial uses two data analysts: one responsible for the US marketplace and another for the Japanese marketplace. Each analyst uses Athena to analyze customer reviews for their specific marketplace only. Create two different data filters, one for the analyst responsible for the US marketplace, and another for the one responsible for the Japanese marketplace. Then, grant the analysts their respective permissions.
Create data filters and grant permissions
1. Create a filter to restrict access to the US marketplace data.
   a. Sign in to the Lake Formation console at https://console.amazonaws.cn/lakeformation/ in the US East (N. Virginia) region as the DatalakeAdmin user.
   b. Choose Data filters.
   c. Choose Create new filter.
   d. For Data filter name, enter amazon_reviews_US.
   e. For Target database, choose the database lakeformation_tutorial_row_security.
   f. For Target table, choose the table amazon_reviews.
   g. For Column-level access, leave as the default.
   h. For Row filter expression, enter marketplace='US'.
   i. Choose Create filter.
2. Create a filter to restrict access to the Japanese marketplace data.
   a. On the Data filters page, choose Create new filter.
   b. For Data filter name, enter amazon_reviews_JP.
   c. For Target database, choose the database lakeformation_tutorial_row_security.
   d. For Target table, choose the table amazon_reviews.
   e. For Column-level access, leave as the default.
   f. For Row filter expression, enter marketplace='JP'.
   g. Choose Create filter.
Next, grant permissions to the data analysts using these data filters. Follow these steps to grant permissions to the US data analyst (DataAnalystUS):
1. Under Permissions, choose Data lake permissions.
2. Under Data permission, choose Grant.
3. For Principals, choose IAM users and roles, and select the role DataAnalystUS.
4. For LF tags or catalog resources, choose Named data catalog resources.
5. For Database, choose lakeformation_tutorial_row_security.
6. For Tables – optional, choose amazon_reviews.
7. For Data filters – optional, select amazon_reviews_US.
8. For Data filter permissions, select Select.
9. Choose Grant.
Follow these steps to grant permissions to the Japanese data analyst (DataAnalystJP):
1. Under Permissions, choose Data lake permissions.
2. Under Data permission, choose Grant.
3. For Principals, choose IAM users and roles, and select the role DataAnalystJP.
4. For LF tags or catalog resources, choose Named data catalog resources.
5. For Database, choose lakeformation_tutorial_row_security.
6. For Tables – optional, choose amazon_reviews.
7. For Data filters – optional, select amazon_reviews_JP.
8. For Data filter permissions, select Select.
9. Choose Grant.
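The same filters and grants expressed as request arguments for the boto3 Lake Formation operations create_data_cells_filter and grant_permissions, as an added example that is not part of the original tutorial. It goes one step beyond the console procedure with a check over list_permissions results: Lake Formation grants are additive, so an analyst who also holds SELECT on the whole table reads every row regardless of the data filter. The account ID, the role ARNs and all function names are assumptions made for this sketch.

```python
ACCOUNT_ID = "111122223333"  # placeholder account ID; ARNs below are constructed
DATABASE = "lakeformation_tutorial_row_security"
TABLE = "amazon_reviews"
ANALYSTS = {"US": "DataAnalystUS", "JP": "DataAnalystJP"}  # marketplace -> role


def role_arn(role):
    return f"arn:aws:iam::{ACCOUNT_ID}:role/{role}"


def filter_ref(marketplace):
    return {"TableCatalogId": ACCOUNT_ID, "DatabaseName": DATABASE,
            "TableName": TABLE, "Name": f"amazon_reviews_{marketplace}"}


def filter_request(marketplace):
    """Arguments for create_data_cells_filter: all columns, one marketplace."""
    return {"TableData": {
        **filter_ref(marketplace),
        "RowFilter": {"FilterExpression": f"marketplace='{marketplace}'"},
        "ColumnWildcard": {},  # column-level access left as the default
    }}


def grant_request(marketplace):
    """Arguments for grant_permissions: Select on the data filter only."""
    return {
        "Principal": {"DataLakePrincipalIdentifier": role_arn(ANALYSTS[marketplace])},
        "Resource": {"DataCellsFilter": filter_ref(marketplace)},
        "Permissions": ["SELECT"],
    }


def unfiltered_grants(entries):
    """Analyst ARNs in a list_permissions result holding SELECT on the whole table."""
    analysts = {role_arn(r) for r in ANALYSTS.values()}
    hits = []
    for e in entries:
        res = e["Resource"].get("Table") or e["Resource"].get("TableWithColumns") or {}
        who = e["Principal"]["DataLakePrincipalIdentifier"]
        on_table = res.get("DatabaseName") == DATABASE and res.get("Name") == TABLE
        if on_table and "SELECT" in e["Permissions"] and who in analysts:
            hits.append(who)
    return hits


def apply_all(client):  # client = boto3.client("lakeformation")
    for m in ANALYSTS:
        client.create_data_cells_filter(**filter_request(m))
        client.grant_permissions(**grant_request(m))
```

Pass the PrincipalResourcePermissions list returned by list_permissions to unfiltered_grants; an empty result means neither analyst role has a table-level SELECT that would override its row filter.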