Step 10: Grant SELECT on the tables

You must grant the SELECT permission on the new Data Catalog tables so that the data analyst can query the data that the tables point to.

Note

A workflow automatically grants the SELECT permission on the tables that it creates to the user who ran it. Because the data lake administrator ran this workflow, you must grant SELECT to the data analyst.

In the Lake Formation console, in the navigation pane, under Data catalog, choose Databases.
Choose the lakeformation_cloudtrail database, then, from the Actions drop-down list, choose Grant under the heading Permissions.
In the Grant data permissions dialog box, make these selections:
1. Under Principals, for IAM user and roles, choose datalake_user.
2. Under LF-Tags or catalog resources, choose Named data catalog resources.
3. For Databases, the lakeformation_cloudtrail database should already be selected.
4. For Tables, choose cloudtrailtest-cloudtrail.
5. Under Table and column permissions, choose Select.
Choose Grant.

The next step is performed as the data analyst.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Step 9: Run the workflow

Step 11: Query the data lake Using Amazon Athena