Intended audience - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Intended audience

This tutorial is intended for data stewards, data engineers, and data analysts. When it comes to sharing Data Catalog tables from Amazon Glue and administering permission in Lake Formation, data stewards within the producing accounts have functional ownership based on the functions they support, and can grant access to various consumers, external organizations, and accounts. The following table lists the roles that are used in this tutorial:

Role Description
DataLakeAdminProducer The data lake admin IAM user has the following access:

  • Full read, write, and update access to all resources in the Data Catalog

  • Ability to grant permissions to resources

  • Can create resource links for the shared table

  • Can attach LF-Tags to resources, which provides access to principals based on any policies created by data stewards

DataLakeAdminConsumer

The data lake admin IAM user has the following access:

  • Full read, write, and update access to all resources in the Data Catalog

  • Ability to grant permissions to resources

  • Can create resource links for the shared table

  • Can attach LF-Tags to resources, which provides access to principals based on any policies created by data stewards
DataAnalyst The DataAnalyst user has the following access:

  • Fine-grained access to resources shared by Lake Formation tag-based access policies or using named resources method