AWS Security ChangesHomeSearch

AWS redshift documentation change

Service: redshift · 2025-11-25 · Documentation low

File: redshift/latest/dg/r_CREATE_MASKING_POLICY.md

Summary

Added support for database-qualified policy names and documentation for federated permissions catalog usage

Security assessment

The change expands masking policy creation syntax to support federated databases and references access control documentation. While related to security features, there's no evidence of addressing a specific vulnerability.

Diff

diff --git a/redshift/latest/dg/r_CREATE_MASKING_POLICY.md b/redshift/latest/dg/r_CREATE_MASKING_POLICY.md
index 9b7a125dc..c4ab23ccb 100644
--- a//redshift/latest/dg/r_CREATE_MASKING_POLICY.md
+++ b//redshift/latest/dg/r_CREATE_MASKING_POLICY.md
@@ -19 +19 @@ Superusers and users or roles that have the sys:secadmin role can create a maski
-       _policy_name_ [IF NOT EXISTS]
+       { _policy_name_ | _database_name_._policy_name_ } [IF NOT EXISTS]
@@ -30,0 +32,5 @@ The name of the masking policy. The masking policy can't have the same name as a
+database_name
+    
+
+The name of the database where the policy will be created. Policy can be created on the connected database or on Amazon Redshift Federated Permissions Catalog.
+
@@ -44,0 +51,2 @@ You must have the USAGE permission on any user-defined functions that you use in
+For the usage of CREATE MASKING POLICY on Amazon Redshift Federated Permissions Catalog, see [ Managing access control with Amazon Redshift federated permissions](https://docs.aws.amazon.com/redshift/latest/dg/federated-permissions-managing-access.html).
+