Authorizing or removing authorization from datashares (preview) - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Authorizing or removing authorization from datashares (preview)

This is prerelease documentation for the multi-data warehouse writes through data sharing feature for Amazon Redshift, which is available in public preview in the PREVIEW_2023 track. The documentation and the feature are both subject to change. We recommend that you use this feature only with test clusters, and not in production environments. For preview terms and conditions, see Beta Service Participation in Amazon Service Terms.

For more information about getting started with data sharing, go to Sharing both read and write data within an Amazon account or across accounts.

As a producer cluster administrator, choose which data consumers to authorize to access datashares or to remove authorization from. Authorized data consumers receive notifications to take actions on datashares. If you are adding a cluster namespace as a data consumer, you don't have to perform authorization.

Prerequisite: To authorize or remove authorization for the datashare, there must be at least one data consumer added to the datashare.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon Redshift console at https://console.amazonaws.cn/redshift/.

  2. On the navigation menu, choose Datashares. From here you can see a list called Datashares consumers. Choose one or more consumer clusters that you want to authorize. Then choose Authorize.

  3. The Authorize account dialog appears. You can choose among a couple authorization types.

    • Read-only on [cluster name or workgroup name] – This means that no write permissions are available on the consumer, even if the datashare creator granted write permissions.

    • Read and write on [cluster name or workgroup name] – This means that all permissions granted by the creator, including write permissions, are available on the consumer.

  4. Choose Save.

You can also authorize Amazon Web Services Data Exchange as a consumer.

  1. If you chose Publish to Amazon Glue Data Catalog when creating the datashare, you can only grant authorization of the datashare to a Lake Formation account.

    For Amazon Web Services Data Exchange datashare, you can only authorize one datashare at a time.

    When you authorize an Amazon Web Services Data Exchange datashare, you are sharing the datashare with the Amazon Web Services Data Exchange service and allowing Amazon Web Services Data Exchange to manage access to the datashare on your behalf. Amazon Web Services Data Exchange allows access to consumers by adding consumer accounts as data consumers to the Amazon Web Services Data Exchange datashare when they subscribe to the products. Amazon Web Services Data Exchange doesn't have read access to the datashare.

  2. Choose Save.

After data consumers are authorized, they can access datashare objects and create a consumer database to query the data.

Removing authorization:

Choose one or more consumer clusters that you want to remove authorization from. Then choose Remove authorization.

After authorization is removed, data consumers lose access to the datashare immediately.