GetEffectivePermissionsForPath
Returns the Lake Formation permissions for a specified table or database resource located
at a path in Amazon S3. GetEffectivePermissionsForPath
will not return databases and tables if the catalog is encrypted.
Request Syntax
{
"CatalogId": "string
",
"MaxResults": number
,
"NextToken": "string
",
"ResourceArn": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CatalogId
-
The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern:
[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*
Required: No
- MaxResults
-
The maximum number of results to return.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 1000.
Required: No
- NextToken
-
A continuation token, if this is not the first call to retrieve this list.
Type: String
Required: No
- ResourceArn
-
The Amazon Resource Name (ARN) of the resource for which you want to get permissions.
Type: String
Required: Yes
Response Syntax
{
"NextToken": "string",
"Permissions": [
{
"AdditionalDetails": {
"ResourceShare": [ "string" ]
},
"Condition": {
"Expression": "string"
},
"LastUpdated": number,
"LastUpdatedBy": "string",
"Permissions": [ "string" ],
"PermissionsWithGrantOption": [ "string" ],
"Principal": {
"DataLakePrincipalIdentifier": "string"
},
"Resource": {
"Catalog": {
"Id": "string"
},
"Database": {
"CatalogId": "string",
"Name": "string"
},
"DataCellsFilter": {
"DatabaseName": "string",
"Name": "string",
"TableCatalogId": "string",
"TableName": "string"
},
"DataLocation": {
"CatalogId": "string",
"ResourceArn": "string"
},
"LFTag": {
"CatalogId": "string",
"TagKey": "string",
"TagValues": [ "string" ]
},
"LFTagExpression": {
"CatalogId": "string",
"Name": "string"
},
"LFTagPolicy": {
"CatalogId": "string",
"Expression": [
{
"TagKey": "string",
"TagValues": [ "string" ]
}
],
"ExpressionName": "string",
"ResourceType": "string"
},
"Table": {
"CatalogId": "string",
"DatabaseName": "string",
"Name": "string",
"TableWildcard": {
}
},
"TableWithColumns": {
"CatalogId": "string",
"ColumnNames": [ "string" ],
"ColumnWildcard": {
"ExcludedColumnNames": [ "string" ]
},
"DatabaseName": "string",
"Name": "string"
}
}
}
]
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- NextToken
-
A continuation token, if this is not the first call to retrieve this list.
Type: String
- Permissions
-
A list of the permissions for the specified table or database resource located at the path in Amazon S3.
Type: Array of PrincipalResourcePermissions objects
Errors
For information about the errors that are common to all actions, see Common Errors.
- EntityNotFoundException
-
A specified entity does not exist.
HTTP Status Code: 400
- InternalServiceException
-
An internal service error occurred.
HTTP Status Code: 500
- InvalidInputException
-
The input provided was not valid.
HTTP Status Code: 400
- OperationTimeoutException
-
The operation timed out.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: