AmazonDataZoneRedshiftManageAccessRolePolicy
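Description: This policy allows Amazon DataZone to publish Amazon Redshift data to the catalog. It also allows Amazon DataZone to grant or revoke access to Amazon Redshift or Amazon Redshift Serverless assets published in the catalog.
AmazonDataZoneRedshiftManageAccessRolePolicy is an AWS managed policy.
Using this policy
You can attach AmazonDataZoneRedshiftManageAccessRolePolicy to your users, groups, and roles.
Policy details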
- Type: Service role policy
- Creation time: September 22, 2023, 20:15 UTC
- Edited time: November 16, 2023, 22:04 UTC
- ARN: arn:aws:iam::aws:policy/service-role/AmazonDataZoneRedshiftManageAccessRolePolicy
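Policy version
Policy version: v2 (default)
The default version of this policy is the version that defines the policy's permissions. When a user or role with this policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
JSON policy document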
{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "redshiftDataScopeDownPermissions",
      "Effect" : "Allow",
      "Action" : [
        "redshift-data:BatchExecuteStatement",
        "redshift-data:DescribeTable",
        "redshift-data:ExecuteStatement",
        "redshift-data:ListTables",
        "redshift-data:ListSchemas",
        "redshift-data:ListDatabases"
      ],
      "Resource" : [
        "arn:aws:redshift-serverless:*:*:workgroup/*",
        "arn:aws:redshift:*:*:cluster:*"
      ],
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "listSecretsPermission",
      "Effect" : "Allow",
      "Action" : "secretsmanager:ListSecrets",
      "Resource" : "*"
    },
    {
      "Sid" : "getWorkgroupPermission",
      "Effect" : "Allow",
      "Action" : "redshift-serverless:GetWorkgroup",
      "Resource" : [
        "arn:aws:redshift-serverless:*:*:workgroup/*"
      ],
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "getNamespacePermission",
      "Effect" : "Allow",
      "Action" : "redshift-serverless:GetNamespace",
      "Resource" : [
        "arn:aws:redshift-serverless:*:*:namespace/*"
      ],
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "redshiftDataPermissions",
      "Effect" : "Allow",
      "Action" : [
        "redshift-data:DescribeStatement",
        "redshift-data:GetStatementResult",
        "redshift:DescribeClusters"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "dataSharesPermissions",
      "Effect" : "Allow",
      "Action" : [
        "redshift:AuthorizeDataShare",
        "redshift:DescribeDataShares"
      ],
      "Resource" : [
        "arn:aws:redshift:*:*:datashare:*/datazone*"
      ],
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "associateDataShareConsumerPermission",
      "Effect" : "Allow",
      "Action" : "redshift:AssociateDataShareConsumer",
      "Resource" : "arn:aws:redshift:*:*:datashare:*/datazone*"
    }
  ]
}