Granting object level permissions to consumer users and roles in Amazon Redshift - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Redshift will no longer support the creation of new Python UDFs starting November 1, 2025. If you would like to use Python UDFs, create the UDFs prior to that date. Existing Python UDFs will continue to function as normal. For more information, see the blog post .

Granting object level permissions to consumer users and roles in Amazon Redshift

As a consumer administrator, you can grant permissions to consumer users and roles at the object level by completing the following steps.

SQL

If you created your database without WITH PERMISSIONS, you can only assign permissions on the entire database created from the datashare to your users and roles. 

GRANT USAGE ON DATABASE sales_db TO Bob;
GRANT USAGE ON SCHEMA sales_schema TO ROLE Analyst_role;

You can also create late-binding views on top of shared objects and use these to assign granular permissions. You can also consider having producer clusters create additional datashares for you with the granularity required.

If you created your database with WITH PERMISSIONS, you must assign object-level permissions for objects in the shared database. A user with only the USAGE permission can’t access any objects in a database created with WITH PERMISSIONS until they’re granted additional object-level permissions..

GRANT SELECT ON sales_db.public.tickit_sales_redshift to Bob;

For more information about granting permissions with multi-warehouse writes, see Managing permissions for a datashares in Amazon Redshift.