RevokePermissions - Lake Formation

RevokePermissions

Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Request Syntax

{ "CatalogId": "string", "Permissions": [ "string" ], "PermissionsWithGrantOption": [ "string" ], "Principal": { "DataLakePrincipalIdentifier": "string" }, "Resource": { "Catalog": { "Id": "string" }, "Database": { "CatalogId": "string", "Name": "string" }, "DataCellsFilter": { "DatabaseName": "string", "Name": "string", "TableCatalogId": "string", "TableName": "string" }, "DataLocation": { "CatalogId": "string", "ResourceArn": "string" }, "LFTag": { "CatalogId": "string", "TagKey": "string", "TagValues": [ "string" ] }, "LFTagExpression": { "CatalogId": "string", "Name": "string" }, "LFTagPolicy": { "CatalogId": "string", "Expression": [ { "TagKey": "string", "TagValues": [ "string" ] } ], "ExpressionName": "string", "ResourceType": "string" }, "Table": { "CatalogId": "string", "DatabaseName": "string", "Name": "string", "TableWildcard": { } }, "TableWithColumns": { "CatalogId": "string", "ColumnNames": [ "string" ], "ColumnWildcard": { "ExcludedColumnNames": [ "string" ] }, "DatabaseName": "string", "Name": "string" } } }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CatalogId

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: [\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*

Required: No

Permissions

The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.

Type: Array of strings

Valid Values: ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER

Required: Yes

PermissionsWithGrantOption

Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.

Type: Array of strings

Valid Values: ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER

Required: No

Principal

The principal to be revoked permissions on the resource.

Type: DataLakePrincipal object

Required: Yes

Resource

The resource to which permissions are to be revoked.

Type: Resource object

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ConcurrentModificationException

Two processes are trying to modify a resource simultaneously.

HTTP Status Code: 400

EntityNotFoundException

A specified entity does not exist.

HTTP Status Code: 400

InvalidInputException

The input provided was not valid.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: