
PrincipalPermissions

The PrincipalPermissions resource lets you manage permissions for data lake principals in AWS Lake Formation. You can define granular access controls on your data lake resources (catalog, database, table) and decide whether a principal may pass those permissions on to others. For more details, refer to the official AWS documentation: AWS LakeFormation PrincipalPermissions.

Create a basic PrincipalPermissions resource with required properties and a common optional property.

```ts
import AWS from "alchemy/aws/control";

const basicPermissions = await AWS.LakeFormation.PrincipalPermissions("basicPermissions", {
  // The resource the grant applies to: one table in one database.
  Resource: {
    Table: {
      DatabaseName: "finance_db",
      Name: "transactions"
    }
  },
  // Permissions granted to the principal on that table.
  Permissions: ["SELECT"],
  Principal: {
    DataLakePrincipalIdentifier: "user@example.com"
  },
  // Subset of Permissions the principal may grant onward to other principals (optional).
  PermissionsWithGrantOption: ["SELECT"]
});
```

Configure catalog-level permissions, combining a broad permission set with grant options.

```ts
import AWS from "alchemy/aws/control";

const advancedPermissions = await AWS.LakeFormation.PrincipalPermissions("advancedPermissions", {
  // An empty Catalog object targets the Data Catalog itself rather than a database or table.
  Resource: {
    Catalog: {}
  },
  Permissions: ["ALL"],
  // Identifier of the Data Catalog the grant belongs to (defaults to the account ID when omitted).
  Catalog: "finance_catalog",
  Principal: {
    DataLakePrincipalIdentifier: "group:finance-team"
  },
  PermissionsWithGrantOption: ["SELECT", "INSERT"]
});
```

Demonstrate how to grant permissions with grant options on a specific table.

```ts
import AWS from "alchemy/aws/control";

const tablePermissionsWithGrant = await AWS.LakeFormation.PrincipalPermissions("tablePermissionsWithGrant", {
  Resource: {
    Table: {
      DatabaseName: "sales_db",
      Name: "customer_data"
    }
  },
  Permissions: ["INSERT"],
  Principal: {
    DataLakePrincipalIdentifier: "role:analytics-role"
  },
  // The role may pass INSERT on customer_data to other principals.
  PermissionsWithGrantOption: ["INSERT"]
});
```

Create a PrincipalPermissions resource that grants catalog-level permissions to a user.

```ts
import AWS from "alchemy/aws/control";

const catalogPermissions = await AWS.LakeFormation.PrincipalPermissions("catalogPermissions", {
  Resource: {
    Catalog: {}
  },
  // CREATE_DATABASE is a catalog-level permission; it has no meaning on a table resource.
  Permissions: ["CREATE_DATABASE"],
  Principal: {
    DataLakePrincipalIdentifier: "user:admin@example.com"
  },
  // An empty list means the user cannot delegate this permission further.
  PermissionsWithGrantOption: []
});
```
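Before applying any of the grants above, it is worth checking the props for over-broad or inconsistent delegation. The following pre-flight review is an added example, not part of the Alchemy project or the page above; it assumes the props shape shown in the examples (`Resource`, `Permissions`, `Principal`, `PermissionsWithGrantOption`) and does not import the library, so it runs stand-alone.

```typescript
// Props shape assumed from the examples on this page (not imported from alchemy).
type PrincipalPermissionsProps = {
  Resource: {
    Catalog?: Record<string, never>;
    Table?: { DatabaseName: string; Name: string };
  };
  Permissions: string[];
  Principal: { DataLakePrincipalIdentifier: string };
  PermissionsWithGrantOption?: string[];
  Catalog?: string;
};

// Review a grant and return the findings a least-privilege reviewer would raise.
// An empty array means the grant passed every check.
function reviewGrant(props: PrincipalPermissionsProps): string[] {
  const findings: string[] = [];
  const granted = new Set(props.Permissions);
  const withGrant = props.PermissionsWithGrantOption ?? [];
  const who = props.Principal.DataLakePrincipalIdentifier;

  // A grant option should never cover a permission the principal does not itself hold.
  // "ALL" is treated as covering every permission.
  if (!granted.has("ALL")) {
    for (const p of withGrant) {
      if (!granted.has(p)) {
        findings.push(`grant option "${p}" is not among the granted permissions for ${who}`);
      }
    }
  }

  // "ALL" is rarely least-privilege; flag it so the reviewer confirms it is intended.
  if (granted.has("ALL")) {
    findings.push(`"ALL" granted to ${who}`);
  }

  // A grant option on a catalog-level permission delegates administration of the whole catalog.
  if (props.Resource.Catalog !== undefined && withGrant.length > 0) {
    findings.push(`catalog-level grant option delegates catalog-wide administration to ${who}`);
  }

  // Table resource without a database name cannot be resolved by Lake Formation.
  if (props.Resource.Table !== undefined && props.Resource.Table.DatabaseName.trim() === "") {
    findings.push("table resource is missing DatabaseName");
  }

  return findings;
}
```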