ALL_TABLES grant option #23
Comments
|
boto3 or AWS Lakeformation API does not have the functionality to grant permissions to all tables. The closes is batch_grant_permissions or batch_revoke_permissions. However, these API take a maximum of 20 entries. The nice part of lakecli is that it can be part of script - bash or python and you can automate granting permissions to a larger set. Happy to discuss if you want to try writing such a script. |
|
Hi Rajat, Per boto3 documentation, batch_grant_permissions it can take a list of up to 20 entries. However, granting permissions to ALL TABLES within a Database can be performed by using "TableWildcard" option. Alternatively, this works via the CLI as well: The above command grants SELECT access to ALL TABLES within the to the IAM principal. Wonder if this feature could be added to lakecli, that would make it way easier to work with databases containing large number of tables. Apart from this limitation, found lakecli to be useful to view/ query permissions in a SQL-like dialect and to grant individual permissions! Thanks. |
|
Thanks for pointing this out. This is a valid feature request and it should be possible to support. I'll add it to the queue. Happy to also accept contributions :) |
|
Hey @vrajat any idea when this enhancement request is being planned? Happy to pair with you on this. |
|
Hi, Will you be able contribute code for this feature? |
Issue Summary
While lakecli is a great tool to view and manage permissions for your lakeformation resources, i think it is missing the ALL_TABLES grant option. For instance, if there are say 500 tables within a database, is it possible to GRANT select on ALL TABLES in database to a principal instead of granting each table at a time?
The text was updated successfully, but these errors were encountered: