Step 2: Provide fine-grained access to a user in the same account - Amazon Lake Formation

Step 2: Provide fine-grained access to a user in the same account

This section shows how a user in Account B (testuser1), acting as a data steward, provides fine-grained access to another user in the same account (testuser2) to the column name in the shared table acc_b_area_rl.

Grant fine-grained access to a user in the same account
  1. Sign in to the Amazon console at https://console.amazonaws.cn/connect/ in Account B as testuser1.

  2. On the Lake Formation console, in the navigation pane, choose Tables.

    You can grant permissions on a table through its resource link. To do so, on the Tables page, select the resource link acc_b_area_rl, and on the Actions menu, choose Grant on target.

  3. In the Grant permissions section, select My account.

  4. For IAM users and roles, choose the user testuser2.

  5. For Column, choose the column name.

  6. For Table permissions, select Select.

  7. Choose Grant.

    When you create a resource link, only you can view and access it. To permit other users in your account to access the resource link, you need to grant permissions on the resource link itself. You need to grant DESCRIBE or DROP permissions. On the Tables page, select your table again and on the Actions menu, choose Grant.

  8. In the Grant permissions section, select My account.

  9. For IAM users and roles, select the user testuser2.

  10. For Resource link permissions, select Describe.

  11. Choose Grant.

  12. Sign in to the Amazon console in Account B as testuser2.

    On the Athena console (https://console.amazonaws.cn/athena/), you should see the database and table acc_b_area_rl. You can now run a query on the table to see the column value that testuser2 has access to.
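
The two console grants above, expressed as Lake Formation grant_permissions requests together with a least-privilege check over list_permissions-style entries. This is an added example, not code from the original page; the account IDs, database names, target table name and the helper names build_grants and excess_grants are assumptions.

```python
# Added example. Account IDs, database names and the target table name are
# placeholders: the page names only testuser2, acc_b_area_rl and column "name".
OWNER, LOCAL = "111111111111", "222222222222"        # Account A, Account B
USER2 = f"arn:aws-cn:iam::{LOCAL}:user/testuser2"
TARGET = (OWNER, "shared_db", "shared_table")        # table the link points to
LINK = (LOCAL, "local_db", "acc_b_area_rl")          # the resource link itself


def build_grants(principal, target, link, columns):
    """Return kwargs for the two lakeformation grant_permissions calls."""
    who = {"DataLakePrincipalIdentifier": principal}
    keys = ("CatalogId", "DatabaseName", "Name")
    return [
        # Steps 2-7 (Grant on target): column-level SELECT on the shared table.
        {"Principal": who, "Permissions": ["SELECT"],
         "Resource": {"TableWithColumns":
                      {**dict(zip(keys, target)), "ColumnNames": list(columns)}}},
        # Steps 8-11: DESCRIBE on the resource link so the user can see it.
        {"Principal": who, "Permissions": ["DESCRIBE"],
         "Resource": {"Table": dict(zip(keys, link))}},
    ]


def _key(resource):
    """Reduce a Resource dict to a comparable tuple (kind, ids, columns)."""
    kind, body = next(iter(resource.items()))
    return (kind, body.get("CatalogId"), body.get("DatabaseName"),
            body.get("Name"), tuple(sorted(body.get("ColumnNames", []))))


def excess_grants(entries, intended):
    """Flag permission entries that go beyond the intended grants.

    entries: items shaped like list_permissions' PrincipalResourcePermissions.
    A wildcard column grant, an extra permission or any grant option is flagged.
    """
    allowed = {(_key(g["Resource"]), p)
               for g in intended for p in g["Permissions"]}
    findings = []
    for e in entries:
        extra = [p for p in e["Permissions"]
                 if (_key(e["Resource"]), p) not in allowed]
        grantable = e.get("PermissionsWithGrantOption", [])
        if extra or grantable:
            findings.append((_key(e["Resource"])[0], extra, grantable))
    return findings


# To apply: lf = boto3.client("lakeformation"), then for each g in
# build_grants(USER2, TARGET, LINK, ["name"]): lf.grant_permissions(**g)
```

An empty result from excess_grants means testuser2 holds only SELECT on the listed column and DESCRIBE on the resource link.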