Revoking Data Catalog Permissions (Same Account) - AWS Lake Formation

Revoking Data Catalog Permissions (Same Account)

Follow these steps to revoke Lake Formation permissions on a Data Catalog database, table, or resource link from a principal in your account.

To revoke Data Catalog permissions (same account)

  1. Open the Lake Formation console at https://console.aws.amazon.com/lakeformation/.

    Sign in as a data lake administrator or as a user who has the grant option on the permissions for the target Data Catalog resources.

  2. In the navigation pane, choose Data permissions, and then choose Revoke.

  3. Ensure that the My account tile is selected. Then provide the following information:

    • For IAM users and roles, choose one or more principals.

      To revoke permissions for IAMAllowedPrincipals, scroll to the bottom of the list until you see the Group heading.

    • For SAML and Amazon QuickSight users and groups, enter one or more Amazon Resource Names (ARNs) for users or groups federated through SAML or ARNs for Amazon QuickSight users or groups.

      Enter one ARN at a time, and press Enter after each ARN. For information about how to construct the ARNs, see Lake Formation Grant and Revoke AWS CLI Commands.

    • For Database, choose one or more databases or database resource links.

      The currently granted permissions for the databases or resource links are selected under Database permissions and Grantable permissions. If only one database is selected, the tables list populates.

    • If you're revoking permissions for tables or table resource links, for Table, choose one or more tables or resource links, or * All tables.

      The currently granted permissions for the tables or resource links are selected under Table permissions or Resource link permissions. Currently granted grantable permissions are selected under Grantable permissions.

  4. Clear the check boxes for any permissions that you don't want to revoke.

  5. Choose Revoke.

Note

Remember to revoke any corresponding data location permissions as well.
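The same revocation can be scripted. The following added example (not from the AWS documentation) plans the `revoke_permissions` requests of the AWS SDK for Python (boto3) for one principal, leaves out the permissions you want to keep as in step 4, and lists the data location grants that still need their own revoke. The account ID, role, database, and bucket names are constructed placeholders.

```python
# Added example, not AWS code. SAMPLE_GRANTS is constructed data that uses the
# Principal / Resource / Permissions fields of the Lake Formation API.
ROLE = "arn:aws:iam::111122223333:role/analyst"  # constructed principal ARN


def _grant(principal, resource, perms, grantable=()):
    return {"Principal": {"DataLakePrincipalIdentifier": principal},
            "Resource": resource,
            "Permissions": list(perms),
            "PermissionsWithGrantOption": list(grantable)}


SAMPLE_GRANTS = [
    _grant(ROLE, {"Database": {"Name": "sales"}},
           ["DESCRIBE", "CREATE_TABLE"], ["DESCRIBE"]),
    # "* All tables" in the console corresponds to TableWildcard in the API.
    _grant(ROLE, {"Table": {"DatabaseName": "sales", "TableWildcard": {}}},
           ["SELECT"]),
    _grant(ROLE, {"DataLocation": {"ResourceArn": "arn:aws:s3:::example-bucket/sales"}},
           ["DATA_LOCATION_ACCESS"]),
    _grant("IAM_ALLOWED_PRINCIPALS", {"Database": {"Name": "sales"}}, ["ALL"]),
]


def plan_revokes(grants, principal, keep=frozenset()):
    """Return (requests, data_locations) for one principal.

    requests: keyword arguments for revoke_permissions, one per catalog resource.
    keep: permissions to leave in place (the check boxes cleared in step 4).
    data_locations: data location ARNs still granted to the principal.
    """
    requests, data_locations = [], []
    for g in grants:
        if g["Principal"]["DataLakePrincipalIdentifier"] != principal:
            continue  # another principal's grant is left untouched
        if "DataLocation" in g["Resource"]:
            data_locations.append(g["Resource"]["DataLocation"]["ResourceArn"])
            continue
        perms = [p for p in g["Permissions"] if p not in keep]
        grantable = [p for p in g["PermissionsWithGrantOption"] if p not in keep]
        if perms:
            requests.append({"Principal": g["Principal"], "Resource": g["Resource"],
                             "Permissions": perms,
                             "PermissionsWithGrantOption": grantable})
    return requests, data_locations


def apply_revokes(requests, client):
    """Send each planned request; client is boto3.client("lakeformation")."""
    for req in requests:
        client.revoke_permissions(**req)
    return len(requests)
```

Review the planned requests and the returned data location ARNs before calling `apply_revokes`, which needs the same data lake administrator or grant-option rights as the console procedure.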