AWS redshift documentation change
Summary
Added support for database-qualified policy names and documentation for Amazon Redshift Federated Permissions
Security assessment
The change extends syntax to support cross-database policies and adds documentation about federated permissions, which enhances access control capabilities but doesn't address any specific vulnerability.
Diff
diff --git a/redshift/latest/dg/r_ALTER_MASKING_POLICY.md b/redshift/latest/dg/r_ALTER_MASKING_POLICY.md index 6efb97154..0093f21d4 100644 --- a//redshift/latest/dg/r_ALTER_MASKING_POLICY.md +++ b//redshift/latest/dg/r_ALTER_MASKING_POLICY.md @@ -18,2 +18,5 @@ Superusers and users or roles that have the sys:secadmin role can alter a maskin - ALTER MASKING POLICY _policy_name_ - USING (_masking_expression_); + ALTER MASKING POLICY + { _policy_name_ | _database_name_._policy_name_ } + USING (masking_expression); + + @@ -27,0 +31,5 @@ The name of the masking policy. This must be the name of a masking policy that a +database_name + + +The name of the database from where the policy is created. The database can be the connected database or a database that supports Amazon Redshift federated permissions. + @@ -36,0 +45,2 @@ You must have the USAGE permission on any user-defined functions that you use in +For the usage of ALTER MASKING POLICY on Amazon Redshift Federated Permissions Catalog, see [ Managing access control with Amazon Redshift federated permissions](https://docs.aws.amazon.com/redshift/latest/dg/federated-permissions-managing-access.html). +