AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-04-18 · Documentation low

File: lake-formation/latest/dg/granting-view-permissions.md

Summary

Updated UI terminology and added ABAC configuration details including attribute-based principal selection and cross-account scope specification

Security assessment

Adds documentation about attribute-based access control (ABAC) implementation for views, which is a security feature enhancement, but doesn't address a specific security issue.

Diff

diff --git a/lake-formation/latest/dg/granting-view-permissions.md b/lake-formation/latest/dg/granting-view-permissions.md
index b79ccc8c9..166fa44e9 100644
--- a//lake-formation/latest/dg/granting-view-permissions.md
+++ b//lake-formation/latest/dg/granting-view-permissions.md
@@ -5 +5 @@
-Open the Grant data lake permissions pageSpecify the principal typesSpecify the viewsSpecify the permissions
+Open the Grant permissions pageSpecify the principal typesSpecify the viewsSpecify the permissions
@@ -9 +9 @@ Open the Grant data lake permissions pageSpecify the principal typesSpecify the
-The following steps explain how to grant permissions on views by using the named resource method and the **Grant data lake permissions** page. The page is divided into the following sections:
+The following steps explain how to grant permissions on views by using the named resource method and the **Grant permissions** page. The page is divided into the following sections:
@@ -20 +20 @@ The following steps explain how to grant permissions on views by using the named
-## Open the **Grant data lake permissions** page
+## Open the **Grant permissions** page
@@ -26 +26 @@ The following steps explain how to grant permissions on views by using the named
-     * In the navigation pane, under **Permissions** , choose **Data lake permissions**. Then choose **Grant**.
+     * In the navigation pane, under **Permissions** , choose **Data permissions**. Then choose **Grant**.
@@ -77,0 +78,7 @@ An organizational unit ID starts with "ou-" followed by 4–32 lowercase letters
+**Principals by attributes**
+    
+
+Specify the attribute key and value(s). If you choose more than one value, you are creating an attribute expression with an OR operator. This means that if any of the attribute tag values assigned to an IAM role or user match, the role/user gains access permissions on the resource
+
+Choose the permission scope by specifying if you're granting permissions to principals with matching attributes in the same account or in another account. 
+