Resource Permission Mapping - AWS Lake Formation
This section describes which Lake Formation permissions can be granted for each resource type (database, table, view, and so on). Use the table below when configuring access policies or troubleshooting permission sync.
| Resource type | Allowed permissions |
|---|---|
| tag | none |
| database | ALTER, CREATE_TABLE, DESCRIBE, DROP, ALL |
| table | ALTER, DELETE, DESCRIBE, DROP, INSERT, SELECT, ALL |
| view | SELECT, DESCRIBE, DROP, ALL |
| multiDialectView | DESCRIBE, DROP, SELECT |
Cross-account IAM roles
For database resources, the DROP and ALL (super) permissions are not supported for cross-account IAM roles. The connector skips granting or revoking these permissions for cross-account roles on databases.
For table and view resources, the DROP and ALL permissions are still supported for cross-account IAM roles.
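
The mapping table and the cross-account rule above can be combined into a pre-check that shows which requested permissions would be granted, skipped, or rejected for a given role. This is an added example, not the connector's own code; the names `plan_permissions` and `role_account_id` are hypothetical, and it assumes "cross-account" means the account ID in the role ARN differs from the catalog's account ID.

```python
# Added example: pre-check of requested grants against the mapping on this page.
ALLOWED = {
    "tag": set(),
    "database": {"ALTER", "CREATE_TABLE", "DESCRIBE", "DROP", "ALL"},
    "table": {"ALTER", "DELETE", "DESCRIBE", "DROP", "INSERT", "SELECT", "ALL"},
    "view": {"SELECT", "DESCRIBE", "DROP", "ALL"},
    "multiDialectView": {"DESCRIBE", "DROP", "SELECT"},
}
# Skipped for cross-account IAM roles, per the section above (databases only).
CROSS_ACCOUNT_SKIPPED = {"database": {"DROP", "ALL"}}


def role_account_id(role_arn):
    """Return the 12-digit account ID from an IAM role ARN, or raise ValueError."""
    parts = role_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "iam" \
            or not parts[5].startswith("role/"):
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    account = parts[4]
    if len(account) != 12 or not account.isdigit():
        raise ValueError(f"bad account ID in ARN: {role_arn!r}")
    return account


def plan_permissions(catalog_account_id, role_arn, resource_type, requested):
    """Split requested permissions into grant / skipped / invalid (sorted lists)."""
    if resource_type not in ALLOWED:
        raise ValueError(f"unknown resource type: {resource_type!r}")
    requested = set(requested)
    invalid = requested - ALLOWED[resource_type]
    valid = requested & ALLOWED[resource_type]
    skipped = set()
    # Assumption: "cross-account" means the role's account differs from the catalog's.
    if role_account_id(role_arn) != catalog_account_id:
        skipped = valid & CROSS_ACCOUNT_SKIPPED.get(resource_type, set())
    return {
        "grant": sorted(valid - skipped),
        "skipped": sorted(skipped),
        "invalid": sorted(invalid),
    }


if __name__ == "__main__":
    # Constructed sample: catalog in 111111111111, role in 222222222222.
    role = "arn:aws:iam::222222222222:role/analytics-reader"
    for rtype in ("database", "table", "multiDialectView"):
        print(rtype, plan_permissions("111111111111", role, rtype,
                                      ["DESCRIBE", "DROP", "ALL"]))
```

The `skipped` list is the place to look when a cross-account role's database permissions in Lake Formation do not match the configured policy.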