GetEffectivePermissionsForPath - Lake Formation

GetEffectivePermissionsForPath

Returns the Lake Formation permissions for a specified table or database resource located at a path in Amazon S3. GetEffectivePermissionsForPath will not return databases and tables if the catalog is encrypted.

Request Syntax

{ "CatalogId": "string", "MaxResults": number, "NextToken": "string", "ResourceArn": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CatalogId

The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: [\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*

Required: No

MaxResults

The maximum number of results to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 1000.

Required: No

NextToken

A continuation token, if this is not the first call to retrieve this list.

Type: String

Required: No

ResourceArn

The Amazon Resource Name (ARN) of the resource for which you want to get permissions.

Type: String

Required: Yes

Response Syntax

{ "NextToken": "string", "Permissions": [ { "AdditionalDetails": { "ResourceShare": [ "string" ] }, "Condition": { "Expression": "string" }, "LastUpdated": number, "LastUpdatedBy": "string", "Permissions": [ "string" ], "PermissionsWithGrantOption": [ "string" ], "Principal": { "DataLakePrincipalIdentifier": "string" }, "Resource": { "Catalog": { "Id": "string" }, "Database": { "CatalogId": "string", "Name": "string" }, "DataCellsFilter": { "DatabaseName": "string", "Name": "string", "TableCatalogId": "string", "TableName": "string" }, "DataLocation": { "CatalogId": "string", "ResourceArn": "string" }, "LFTag": { "CatalogId": "string", "TagKey": "string", "TagValues": [ "string" ] }, "LFTagExpression": { "CatalogId": "string", "Name": "string" }, "LFTagPolicy": { "CatalogId": "string", "Expression": [ { "TagKey": "string", "TagValues": [ "string" ] } ], "ExpressionName": "string", "ResourceType": "string" }, "Table": { "CatalogId": "string", "DatabaseName": "string", "Name": "string", "TableWildcard": { } }, "TableWithColumns": { "CatalogId": "string", "ColumnNames": [ "string" ], "ColumnWildcard": { "ExcludedColumnNames": [ "string" ] }, "DatabaseName": "string", "Name": "string" } } } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken

A continuation token, if this is not the first call to retrieve this list.

Type: String

Permissions

A list of the permissions for the specified table or database resource located at the path in Amazon S3.

Type: Array of PrincipalResourcePermissions objects

Errors

For information about the errors that are common to all actions, see Common Errors.

EntityNotFoundException

A specified entity does not exist.

HTTP Status Code: 400

InternalServiceException

An internal service error occurred.

HTTP Status Code: 500

InvalidInputException

The input provided was not valid.

HTTP Status Code: 400

OperationTimeoutException

The operation timed out.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: