AWS lake-formation documentation change
Summary
Expanded required Glue permissions to include 'glue:GetCatalogs' and 'glue:GetCatalog' for catalog-level grants.
Security assessment
Adds new permissions to documentation but does not indicate a security fix. This appears to be a routine update to reflect expanded feature support rather than addressing a security issue.
Diff
diff --git a/lake-formation/latest/dg/required-permissions-for-grant.md index a1785b0ef..88cb9c820 100644 --- a/lake-formation/latest/dg/required-permissions-for-grant.md +++ b/lake-formation/latest/dg/required-permissions-for-grant.md @@ -17 +17 @@ All principals, including the data lake administrator, need the following AWS Id - * `glue:GetTable` or `glue:GetDatabase` for a table or database that you're granting permissions using the named resource method. + * `glue:GetTable`, `glue:GetDatabase`, or `glue:GetCatalog` for a table, database, or catalog that you're granting permissions using the named resource method. @@ -41,0 +42 @@ The following IAM policy is recommended for principals who are not data lake adm + "glue:GetCatalogs", @@ -44,0 +46 @@ The following IAM policy is recommended for principals who are not data lake adm + "glue:GetCatalog",