Removing authorization from a datashare in Amazon Redshift - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Removing authorization from a datashare in Amazon Redshift

With Amazon Redshift, you can control access to datashares by revoking authorization for specified consumers. This sections provides instructions for revoking consumer access to your datashares in Amazon Redshift.

Note

To remove authorization for the datashare, there must be at least one data consumer added to the datashare.

Console

Choose one or more consumer clusters that you want to remove authorization from. Then, choose Remove authorization.

After authorization is removed, data consumers lose access to the datashare immediately.

API

The producer security administrator determines the following:

  • Whether or not another account can have access to the datashare.

  • If an account has access to the datashare, whether or not that account has write permissions.

The following IAM permissions are required to deauthorize a datashare:

redshift:DeauthorizeDataShare

You can deauthorize usage and writes using either a CLI call or with the API:

deauthorize-data-share --data-share-arn <value> --consumer-identifier <value>

For more information about the command, see deauthorize-data-share.