AWS redshift documentation change
Summary
Added clarification about federated permissions support for ROW LEVEL SECURITY
Security assessment
The change documents extended support for row-level security in federated environments but doesn't address any security flaw or vulnerability.
Diff
diff --git a/redshift/latest/dg/r_ALTER_TABLE.md b/redshift/latest/dg/r_ALTER_TABLE.md index 732b68787..563346ada 100644 --- a//redshift/latest/dg/r_ALTER_TABLE.md +++ b//redshift/latest/dg/r_ALTER_TABLE.md @@ -620 +620 @@ A clause that turns on or off row-level security for a relation. -When row-level security is turned on for a relation, you can only read the rows that the row-level security policy permits you to access. When there isn't any policy granting you access to the relation, you can't see any rows from the relation. Only superusers and users or roles that have the `sys:secadmin` role can set the ROW LEVEL SECURITY clause. For more information, see [Row-level security](./t_rls.html). +When row-level security is turned on for a relation, you can only read the rows that the row-level security policy permits you to access. When there isn't any policy granting you access to the relation, you can't see any rows from the relation. Only superusers and users or roles that have the `sys:secadmin` role can set the ROW LEVEL SECURITY clause. For more information, see [Row-level security](./t_rls.html). This statement is supported on the connected database or on a database with amazon redshift federated permissions. FOR DATASHARES clause is not supported on a database with Amazon Redshift federated permissions.