AWS redshift documentation change
Summary
Added database qualification syntax and federated permissions documentation for RLS policies
Security assessment
The change enables cross-database policy management and references federated permissions, improving access control documentation without fixing a security vulnerability.
Diff
diff --git a/redshift/latest/dg/r_ALTER_RLS_POLICY.md b/redshift/latest/dg/r_ALTER_RLS_POLICY.md index 3eb5c4e71..2ae5ae98d 100644 --- a//redshift/latest/dg/r_ALTER_RLS_POLICY.md +++ b//redshift/latest/dg/r_ALTER_RLS_POLICY.md @@ -18,2 +18,3 @@ Superusers and users or roles that have the `sys:secadmin` role can alter a poli - ALTER RLS POLICY _policy_name_ - USING (_using_predicate_exp_); + ALTER RLS POLICY + { policy_name | database_name.policy_name } + USING ( using_predicate_exp ); @@ -27,0 +29,5 @@ The name of the policy. +database_name + + +The name of the database from where the policy is created. The database can be the connected database or a database that supports Amazon Redshift federated permissions. + @@ -34,0 +41,2 @@ The expression has access to the variables declared in the WITH clause of the CR +For the usage of ALTER RLS POLICY on Amazon Redshift Federated Permissions Catalog, see [ Managing access control with Amazon Redshift federated permissions](https://docs.aws.amazon.com/redshift/latest/dg/federated-permissions-managing-access.html). +