Granting Lake Formation Permissions

AWS Lake Formation requires that each principal (user or role) be authorized to perform actions on Lake Formation–managed resources. A principal is granted the necessary authorizations by the data lake administrator or another principal with the permissions to grant Lake Formation permissions.

When you grant a Lake Formation permission to a principal, you can optionally grant the ability to pass that permission to another principal.

You can use the Lake Formation API, the AWS Command Line Interface (AWS CLI), or the Data permissions and Data locations pages of the Lake Formation console to grant and revoke Lake Formation permissions.

Topics

• IAM Permissions Required to Grant or Revoke Lake Formation Permissions
• Implicit Lake Formation Permissions
• Granting, Revoking, and Listing LF-Tag Permissions
• Granting and Revoking Data Catalog Permissions in Lake Formation
• Granting Data Location Permissions
• Lake Formation Permissions Reference

See Also:

• Lake Formation Access Control Overview (for an introduction to Lake Formation permissions)

• Lake Formation Permissions Reference (for details on each Lake Formation permission)