AWS lake-formation documentation change
Summary
Removed section about 'Principals by attributes', updated terminology from 'Databases, Tables' to 'catalogs, databases, tables', and corrected permission scope from 'All views' to 'All tables' to include tables and views.
Security assessment
Changes clarify terminology and correct permission scope but do not address a specific security vulnerability or introduce security documentation.
Diff
diff --git a/lake-formation/latest/dg/granting-view-permissions.md b/lake-formation/latest/dg/granting-view-permissions.md index 19cb6ef28..b79ccc8c9 100644 --- a/lake-formation/latest/dg/granting-view-permissions.md +++ b/lake-formation/latest/dg/granting-view-permissions.md @@ -78,5 +77,0 @@ An organizational unit ID starts with "ou-" followed by 4–32 lowercase letters -**Principals by attributes** - - -Specify the attribute key and value(s). If you choose more than one value, you are creating an attribute expression with an OR operator. This means that if any of the attribute tag values assigned to an IAM role or user match, the role/user gains access permissions on the resource - @@ -89 +84 @@ In the **LF-Tags or catalog resources** section, choose one or more views to gra - 2. Choose one or more views from the **Views** list. You can also choose one or more Databases, Tables, and/or Data filters. + 2. Choose one or more views from the **Views** list. You can also choose one or more catalogs, databases, tables, and/or data filters. @@ -91 +86 @@ In the **LF-Tags or catalog resources** section, choose one or more views to gra -Granting data lake permissions to `All views` within a database will result in the grantee having permissions on all tables and views within the database. +Granting data lake permissions to `All tables` within a database will result in the grantee having permissions on all tables and views within the database.