getPermissions

Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see Security and Access Control to Metadata and Data in Lake Formation.

NOTE: This data source deals with explicitly granted permissions. Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators. For more information, see Implicit Lake Formation Permissions.

Example Usage

Permissions For A Lake Formation S3 Resource

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsDataLocationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_iam_role.workflow_role and aws_lakeformation_resource.test stand for
        // resources declared elsewhere in the program.
        final var test = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(aws_iam_role.workflow_role().arn())
            // Look up grants on a registered S3 data location.
            .dataLocation(GetPermissionsDataLocationArgs.builder()
                .arn(aws_lakeformation_resource.test().arn())
                .build())
            .build());
    }
}

Permissions For A Glue Catalog Database

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_iam_role.workflow_role and aws_glue_catalog_database.test stand for
        // resources declared elsewhere in the program.
        final var test = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(aws_iam_role.workflow_role().arn())
            // Look up grants on a Glue database in the given Data Catalog.
            .database(GetPermissionsDatabaseArgs.builder()
                .name(aws_glue_catalog_database.test().name())
                .catalogId("110376042874")
                .build())
            .build());
    }
}

Permissions For Tag-Based Access Control

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsLfTagPolicyArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsLfTagPolicyExpressionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // aws_iam_role.workflow_role stands for a role declared elsewhere in the program.
        final var test = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(aws_iam_role.workflow_role().arn())
            // Look up grants made through an LF-tag policy on databases.
            .lfTagPolicy(GetPermissionsLfTagPolicyArgs.builder()
                .resourceType("DATABASE")
                .expressions(
                    GetPermissionsLfTagPolicyExpressionArgs.builder()
                        .key("Team")
                        .values("Sales")
                        .build(),
                    GetPermissionsLfTagPolicyExpressionArgs.builder()
                        .key("Environment")
                        .values(
                            "Dev",
                            "Production")
                        .build())
                .build())
            .build());
    }
}
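
Because this data source returns only explicitly granted permissions, its result can feed a least-privilege check. The following is an added example, not part of the provider's documentation: it reads a role's explicit grants on a database and exports anything beyond an expected set, plus any permission the role can re-grant. The config keys `principalArn` and `databaseName` and the `EXPECTED` allow-list are assumptions made for the example; `permissions` and `permissionsWithGrantOption` are the result's output fields.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsDatabaseArgs;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

public class App {
    // Constructed allow-list for this example: what the role is expected to hold.
    private static final Set<String> EXPECTED = Set.of("DESCRIBE");

    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    // Returns every granted permission that is not on the allow-list.
    static List<String> unexpected(List<String> granted) {
        return granted.stream()
            .filter(p -> !EXPECTED.contains(p))
            .sorted()
            .collect(Collectors.toList());
    }

    public static void stack(Context ctx) {
        // Hypothetical stack config keys; set them with `pulumi config set`.
        var config = ctx.config();
        var grants = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
            .principal(config.require("principalArn"))
            .database(GetPermissionsDatabaseArgs.builder()
                .name(config.require("databaseName"))
                .build())
            .build());

        // Explicit grants only: implicit admin/creator permissions are not returned,
        // so an empty list here does not prove the principal has no access.
        ctx.export("unexpectedPermissions",
            grants.applyValue(r -> unexpected(r.permissions())));
        // Any entry here means the principal can pass that permission on to others.
        ctx.export("grantablePermissions",
            grants.applyValue(r -> r.permissionsWithGrantOption()));
    }
}
```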

Return

A collection of values returned by getPermissions.

Parameters

argument

A collection of arguments for invoking getPermissions.


suspend fun getPermissions(catalogId: String? = null, catalogResource: Boolean? = null, dataLocation: GetPermissionsDataLocation? = null, database: GetPermissionsDatabase? = null, lfTag: GetPermissionsLfTag? = null, lfTagPolicy: GetPermissionsLfTagPolicy? = null, principal: String, table: GetPermissionsTable? = null, tableWithColumns: GetPermissionsTableWithColumns? = null): GetPermissionsResult

Return

A collection of values returned by getPermissions.

Parameters

catalogId

Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.

catalogResource

Whether the permissions are to be granted for the Data Catalog. Defaults to false.

dataLocation

Configuration block for a data location resource. Detailed below.

database

Configuration block for a database resource. Detailed below.

lfTag

Configuration block for an LF-tag resource. Detailed below.

lfTagPolicy

Configuration block for an LF-tag policy resource. Detailed below.

principal

Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles. One of the following is required:

table

Configuration block for a table resource. Detailed below.

tableWithColumns

Configuration block for a table with columns resource. Detailed below. The following arguments are optional:

Return

A collection of values returned by getPermissions.

Parameters

argument

Builder for com.pulumi.aws.lakeformation.kotlin.inputs.GetPermissionsPlainArgs.
