RevokePermissionsCommand

Revokes a principal's permissions to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { LakeFormationClient, RevokePermissionsCommand } from "@aws-sdk/client-lakeformation"; // ES Modules import
// const { LakeFormationClient, RevokePermissionsCommand } = require("@aws-sdk/client-lakeformation"); // CommonJS import
const client = new LakeFormationClient(config); // config: client configuration object, e.g. { region: "REGION" }
const input = { // RevokePermissionsRequest
  CatalogId: "STRING_VALUE",
  Principal: { // DataLakePrincipal
    DataLakePrincipalIdentifier: "STRING_VALUE",
  },
  Resource: { // Resource
    Catalog: { // CatalogResource
      Id: "STRING_VALUE",
    },
    Database: { // DatabaseResource
      CatalogId: "STRING_VALUE",
      Name: "STRING_VALUE", // required
    },
    Table: { // TableResource
      CatalogId: "STRING_VALUE",
      DatabaseName: "STRING_VALUE", // required
      Name: "STRING_VALUE",
      TableWildcard: {},
    },
    TableWithColumns: { // TableWithColumnsResource
      CatalogId: "STRING_VALUE",
      DatabaseName: "STRING_VALUE", // required
      Name: "STRING_VALUE", // required
      ColumnNames: [ // ColumnNames
        "STRING_VALUE",
      ],
      ColumnWildcard: { // ColumnWildcard
        ExcludedColumnNames: [
          "STRING_VALUE",
        ],
      },
    },
    DataLocation: { // DataLocationResource
      CatalogId: "STRING_VALUE",
      ResourceArn: "STRING_VALUE", // required
    },
    DataCellsFilter: { // DataCellsFilterResource
      TableCatalogId: "STRING_VALUE",
      DatabaseName: "STRING_VALUE",
      TableName: "STRING_VALUE",
      Name: "STRING_VALUE",
    },
    LFTag: { // LFTagKeyResource
      CatalogId: "STRING_VALUE",
      TagKey: "STRING_VALUE", // required
      TagValues: [ // TagValueList // required
        "STRING_VALUE",
      ],
    },
    LFTagPolicy: { // LFTagPolicyResource
      CatalogId: "STRING_VALUE",
      ResourceType: "DATABASE" || "TABLE", // required
      Expression: [ // Expression
        { // LFTag
          TagKey: "STRING_VALUE", // required
          TagValues: [ // required
            "STRING_VALUE",
          ],
        },
      ],
      ExpressionName: "STRING_VALUE",
    },
    LFTagExpression: { // LFTagExpressionResource
      CatalogId: "STRING_VALUE",
      Name: "STRING_VALUE", // required
    },
  },
  Permissions: [ // PermissionList // required
    "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  ],
  Condition: { // Condition
    Expression: "STRING_VALUE",
  },
  PermissionsWithGrantOption: [
    "ALL" || "SELECT" || "ALTER" || "DROP" || "DELETE" || "INSERT" || "DESCRIBE" || "CREATE_DATABASE" || "CREATE_TABLE" || "DATA_LOCATION_ACCESS" || "CREATE_LF_TAG" || "ASSOCIATE" || "GRANT_WITH_LF_TAG_EXPRESSION" || "CREATE_LF_TAG_EXPRESSION" || "CREATE_CATALOG" || "SUPER_USER",
  ],
};
const command = new RevokePermissionsCommand(input);
const response = await client.send(command);
// {};

RevokePermissionsCommand Input

See RevokePermissionsCommandInput for more details

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| Permissions | Required | Permission[] \| undefined | The permissions to revoke from the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data. |
| Principal | Required | DataLakePrincipal \| undefined | The principal whose permissions on the resource are to be revoked. |
| Resource | Required | Resource \| undefined | The resource on which permissions are to be revoked. |
| CatalogId | | string \| undefined | The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. |
| Condition | | Condition \| undefined | A Lake Formation condition, which applies to permissions and opt-ins that contain an expression. |
| PermissionsWithGrantOption | | Permission[] \| undefined | Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals. |

RevokePermissionsCommand Output

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| $metadata | Required | ResponseMetadata | Metadata pertaining to this request. |

Throws

| Name | Fault | Details |
| --- | --- | --- |
| ConcurrentModificationException | client | Two processes are trying to modify a resource simultaneously. |
| EntityNotFoundException | client | A specified entity does not exist. |
| InvalidInputException | client | The input provided was not valid. |
| LakeFormationServiceException | | Base exception class for all service exceptions from LakeFormation service. |
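
The following is an added example, not code from the SDK documentation: it builds a table-level revoke request checked against the permission values listed above, then retries only on ConcurrentModificationException and rethrows every other fault so a failed revoke is never silent. The helper names (`buildTableRevoke`, `revokeWithRetry`, `revokeTableAccess`), the retry count and the backoff delays are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not part of the AWS SDK.
// Permission values copied from the request syntax on this page.
const PERMISSIONS = new Set(["ALL", "SELECT", "ALTER", "DROP", "DELETE", "INSERT",
  "DESCRIBE", "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS",
  "CREATE_LF_TAG", "ASSOCIATE", "GRANT_WITH_LF_TAG_EXPRESSION",
  "CREATE_LF_TAG_EXPRESSION", "CREATE_CATALOG", "SUPER_USER"]);

// Build a RevokePermissionsCommandInput for one table, rejecting bad values
// locally instead of waiting for an InvalidInputException from the service.
function buildTableRevoke({ principal, database, table, permissions, grantOption = [], catalogId }) {
  if (!principal || !database || !table) {
    throw new TypeError("principal, database and table are required");
  }
  if (!Array.isArray(permissions) || permissions.length === 0) {
    throw new TypeError("permissions must be a non-empty array");
  }
  for (const p of [...permissions, ...grantOption]) {
    if (!PERMISSIONS.has(p)) throw new TypeError(`unknown permission: ${p}`);
  }
  const input = {
    Principal: { DataLakePrincipalIdentifier: principal },
    Resource: { Table: { DatabaseName: database, Name: table } },
    Permissions: [...permissions],
  };
  if (grantOption.length) input.PermissionsWithGrantOption = [...grantOption];
  if (catalogId) { input.CatalogId = catalogId; input.Resource.Table.CatalogId = catalogId; }
  return input;
}

// Send the revoke, retrying only ConcurrentModificationException with
// exponential backoff (assumed policy). Any other fault is rethrown.
async function revokeWithRetry(send, input, { maxAttempts = 4, baseDelayMs = 200,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)) } = {}) {
  for (let attempt = 1; ; attempt++) {
    try {
      await send(input);
      return { attempts: attempt };
    } catch (err) {
      if (err.name !== "ConcurrentModificationException" || attempt >= maxAttempts) throw err;
      await sleep(baseDelayMs * 2 ** (attempt - 1));
    }
  }
}

// Wiring to the real client; the SDK is loaded lazily so the helpers above run offline.
async function revokeTableAccess(client, args) {
  const { RevokePermissionsCommand } = require("@aws-sdk/client-lakeformation");
  return revokeWithRetry((input) => client.send(new RevokePermissionsCommand(input)), buildTableRevoke(args));
}
```

Because only the concurrency fault is retried, an EntityNotFoundException or InvalidInputException reaches the caller, which is what an offboarding or access-review job needs in order to record which revocations did not take effect.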