AWS Security ChangesHomeSearch

AWS redshift documentation change

Service: redshift · 2025-11-25 · Documentation low

File: redshift/latest/dg/r_DETACH_MASKING_POLICY.md

Summary

Expanded syntax to support database/schema qualification and federated permissions

Security assessment

Adds federated database support for detaching masking policies. Documents security feature usage without addressing specific vulnerabilities.

Diff

diff --git a/redshift/latest/dg/r_DETACH_MASKING_POLICY.md b/redshift/latest/dg/r_DETACH_MASKING_POLICY.md
index 94c1cb489..d538bc619 100644
--- a//redshift/latest/dg/r_DETACH_MASKING_POLICY.md
+++ b//redshift/latest/dg/r_DETACH_MASKING_POLICY.md
@@ -18,2 +18,5 @@ Superusers and users or roles that have the sys:secadmin role can detach a maski
-    DETACH MASKING POLICY policy_name
-       ON { table_name }
+    DETACH MASKING POLICY
+    {
+      policy_name ON table_name
+      | database_name.policy_name ON database_name.schema_name.table_name
+    }
@@ -29,0 +34,10 @@ The name of the masking policy to detach.
+database_name
+    
+
+The name of the database where the policy and the relation are created. The policy and the relation needs to be on the same database. The database can be the connected database or a database that supports Amazon Redshift federated permissions.
+
+schema_name
+    
+
+The name of the schema the relation belongs to.
+
@@ -60,0 +75,2 @@ You can only set one of user_name, role_name, and PUBLIC in a single DETACH MASK
+For the usage of DETACH MASKING POLICY on Amazon Redshift Federated Permissions Catalog, see [ Managing access control with Amazon Redshift federated permissions](https://docs.aws.amazon.com/redshift/latest/dg/federated-permissions-managing-access.html).
+