Intended audience - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Intended audience

This tutorial is intended for data stewards, data engineers, and data analysts. When it comes to managing Amazon Glue Data Catalog and administering permission in Lake Formation, data stewards within the producing accounts have functional ownership based on the functions they support, and can grant access to various consumers, external organizations, and accounts.

The following table lists the roles that are used in this tutorial:

Role Description
Data steward (administrator) The lf-data-steward user has the following access:

  • Read access to all resources in the Data Catalog

  • Can create LF-tags and associate to the data engineer role for grantable permission to other principals
Data engineer

lf-data-engineer user has the following access:

  • Full read, write, and update access to all resources in the Data Catalog

  • Data location permissions in the data lake

  • Can associate LF-tags and associate to the Data Catalog

  • Can attach LF-tags to resources, which provides access to principals based on any policies created by data stewards
Data analyst The lf-data-analyst user has the following access:

  • Fine-grained access to resources shared by Lake Formation tag-based access policies