RevokePermissions
Revokes permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.
Request Syntax
{
"CatalogId": "string
",
"Permissions": [ "string
" ],
"PermissionsWithGrantOption": [ "string
" ],
"Principal": {
"DataLakePrincipalIdentifier": "string
"
},
"Resource": {
"Catalog": {
"Id": "string
"
},
"Database": {
"CatalogId": "string
",
"Name": "string
"
},
"DataCellsFilter": {
"DatabaseName": "string
",
"Name": "string
",
"TableCatalogId": "string
",
"TableName": "string
"
},
"DataLocation": {
"CatalogId": "string
",
"ResourceArn": "string
"
},
"LFTag": {
"CatalogId": "string
",
"TagKey": "string
",
"TagValues": [ "string
" ]
},
"LFTagExpression": {
"CatalogId": "string
",
"Name": "string
"
},
"LFTagPolicy": {
"CatalogId": "string
",
"Expression": [
{
"TagKey": "string
",
"TagValues": [ "string
" ]
}
],
"ExpressionName": "string
",
"ResourceType": "string
"
},
"Table": {
"CatalogId": "string
",
"DatabaseName": "string
",
"Name": "string
",
"TableWildcard": {
}
},
"TableWithColumns": {
"CatalogId": "string
",
"ColumnNames": [ "string
" ],
"ColumnWildcard": {
"ExcludedColumnNames": [ "string
" ]
},
"DatabaseName": "string
",
"Name": "string
"
}
}
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CatalogId
-
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern:
[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*
Required: No
- Permissions
-
The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.
Type: Array of strings
Valid Values:
ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER
Required: Yes
- PermissionsWithGrantOption
-
Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.
Type: Array of strings
Valid Values:
ALL | SELECT | ALTER | DROP | DELETE | INSERT | DESCRIBE | CREATE_DATABASE | CREATE_TABLE | DATA_LOCATION_ACCESS | CREATE_LF_TAG | ASSOCIATE | GRANT_WITH_LF_TAG_EXPRESSION | CREATE_LF_TAG_EXPRESSION | CREATE_CATALOG | SUPER_USER
Required: No
- Principal
-
The principal to be revoked permissions on the resource.
Type: DataLakePrincipal object
Required: Yes
- Resource
-
The resource to which permissions are to be revoked.
Type: Resource object
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- ConcurrentModificationException
-
Two processes are trying to modify a resource simultaneously.
HTTP Status Code: 400
- EntityNotFoundException
-
A specified entity does not exist.
HTTP Status Code: 400
- InvalidInputException
-
The input provided was not valid.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: