ListPermissions
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
This operation returns only those permissions that have been explicitly granted.
For information about permissions, see Security and Access Control to Metadata and Data.
Request Syntax
{
"CatalogId": "string",
"IncludeRelated": "string",
"MaxResults": number,
"NextToken": "string",
"Principal": {
"DataLakePrincipalIdentifier": "string"
},
"Resource": {
"Catalog": {
},
"Database": {
"CatalogId": "string",
"Name": "string"
},
"DataCellsFilter": {
"DatabaseName": "string",
"Name": "string",
"TableCatalogId": "string",
"TableName": "string"
},
"DataLocation": {
"CatalogId": "string",
"ResourceArn": "string"
},
"LFTag": {
"CatalogId": "string",
"TagKey": "string",
"TagValues": [ "string" ]
},
"LFTagPolicy": {
"CatalogId": "string",
"Expression": [
{
"TagKey": "string",
"TagValues": [ "string" ]
}
],
"ResourceType": "string"
},
"Table": {
"CatalogId": "string",
"DatabaseName": "string",
"Name": "string",
"TableWildcard": {
}
},
"TableWithColumns": {
"CatalogId": "string",
"ColumnNames": [ "string" ],
"ColumnWildcard": {
"ExcludedColumnNames": [ "string" ]
},
"DatabaseName": "string",
"Name": "string"
}
},
"ResourceType": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CatalogId
-
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern:
[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*Required: No
- IncludeRelated
-
Indicates that related permissions should be included in the results.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 5.
Pattern:
[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*Required: No
- MaxResults
-
The maximum number of results to return.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 1000.
Required: No
- NextToken
-
A continuation token, if this is not the first call to retrieve this list.
Type: String
Required: No
- Principal
-
Specifies a principal to filter the permissions returned.
Type: DataLakePrincipal object
Required: No
- Resource
-
A resource where you will get a list of the principal permissions.
This operation does not support getting privileges on a table with columns. Instead, call this operation on the table, and the operation returns the table and the table w columns.
Type: Resource object
Required: No
- ResourceType
-
Specifies a resource type to filter the permissions returned.
Type: String
Valid Values:
CATALOG | DATABASE | TABLE | DATA_LOCATION | LF_TAG | LF_TAG_POLICY | LF_TAG_POLICY_DATABASE | LF_TAG_POLICY_TABLERequired: No
Response Syntax
{
"NextToken": "string",
"PrincipalResourcePermissions": [
{
"AdditionalDetails": {
"ResourceShare": [ "string" ]
},
"LastUpdated": number,
"LastUpdatedBy": "string",
"Permissions": [ "string" ],
"PermissionsWithGrantOption": [ "string" ],
"Principal": {
"DataLakePrincipalIdentifier": "string"
},
"Resource": {
"Catalog": {
},
"Database": {
"CatalogId": "string",
"Name": "string"
},
"DataCellsFilter": {
"DatabaseName": "string",
"Name": "string",
"TableCatalogId": "string",
"TableName": "string"
},
"DataLocation": {
"CatalogId": "string",
"ResourceArn": "string"
},
"LFTag": {
"CatalogId": "string",
"TagKey": "string",
"TagValues": [ "string" ]
},
"LFTagPolicy": {
"CatalogId": "string",
"Expression": [
{
"TagKey": "string",
"TagValues": [ "string" ]
}
],
"ResourceType": "string"
},
"Table": {
"CatalogId": "string",
"DatabaseName": "string",
"Name": "string",
"TableWildcard": {
}
},
"TableWithColumns": {
"CatalogId": "string",
"ColumnNames": [ "string" ],
"ColumnWildcard": {
"ExcludedColumnNames": [ "string" ]
},
"DatabaseName": "string",
"Name": "string"
}
}
}
]
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- NextToken
-
A continuation token, if this is not the first call to retrieve this list.
Type: String
- PrincipalResourcePermissions
-
A list of principals and their permissions on the resource for the specified principal and resource types.
Type: Array of PrincipalResourcePermissions objects
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalServiceException
-
An internal service error occurred.
HTTP Status Code: 500
- InvalidInputException
-
The input provided was not valid.
HTTP Status Code: 400
- OperationTimeoutException
-
The operation timed out.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
