AWS glue documentation change
Summary
Added section about FGAC (Fine-Grained Access Control) for AWS Glue 5.0 Notebook sessions and removed outdated access control note
Security assessment
Documents security feature (FGAC) implementation but does not indicate a specific security vulnerability being addressed. Focuses on configuration requirements for access control.
Diff
diff --git a/glue/latest/dg/security-lf-enable.md b/glue/latest/dg/security-lf-enable.md index 824d706fa..1fa7be40a 100644 --- a/glue/latest/dg/security-lf-enable.md +++ b/glue/latest/dg/security-lf-enable.md @@ -5 +5 @@ -OverviewHow it worksMinimum workersEnable runtime permissionsSet up runtime permissionsSubmitting a job runSupported operations +OverviewHow it worksMinimum workersEnable runtime permissionsSet up runtime permissionsSubmitting a job runFGAC for AWS Glue 5.0 Notebook or interactive sessionsSupported operations @@ -17,2 +16,0 @@ With AWS Glue version 5.0 and higher, you can leverage AWS Lake Formation to app - * If you need database/table level access control, you can grant database/table permissions to your roles. This bypasses the need to migrate from `GlueContext` to Spark dataframe. - @@ -144,0 +143,6 @@ After you finish setting up the Lake Formation grants, you can submit Spark jobs +## FGAC for AWS Glue 5.0 Notebook or interactive sessions + +To enable Fine-Grained Access Control (FGAC) in AWS Glue you must specify the Spark confs required for Lake Formation as part of the %%configure magic before you create first cell. + +Specifying it later using the calls `SparkSession.builder().conf("").get()` or `SparkSession.builder().conf("").create()` will not be enough. This is a change from the AWS Glue 4.0 behavior. +